tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Deny lstat syscalls in seccomp sandbox

Browse Source 
Avoids sandbox violations for some krb/gssapi libraries.
This commit is contained in:
Damien Miller 2016-05-20 09:56:53 +10:00
parent 531c135409
commit f64062b1f7
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sandbox-seccomp-filter.c
View File

@ -103,6 +103,12 @@ static const struct sock_filter preauth_insns[] = {
offsetof(struct seccomp_data, nr)), offsetof(struct seccomp_data, nr)),
/* Syscalls to non-fatally deny */ /* Syscalls to non-fatally deny */
#ifdef __NR_lstat
SC_DENY(lstat, EACCES),
#endif
#ifdef __NR_lstat64
SC_DENY(lstat64, EACCES),
#endif
#ifdef __NR_fstat #ifdef __NR_fstat
SC_DENY(fstat, EACCES), SC_DENY(fstat, EACCES),
#endif #endif