[Bug 2752] Allow syscalls for openssl engines on s390x

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri May 25 13:56:00 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2752

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
I've committed the getuid patch.

wrt the remaining patches:

There isn't much point in permitting flock() - the process is in a
chroot environment and all fs operations should fail here. Could we
SC_DENY it with ENOENT or EACCESS instead?

The ipc(2) syscall is much too broad to allow in a sandbox - it
includes a number of capabilities that could be used for sandbox
escape. Is there a safe subset that could be enabled?

Is there any documentation on the ZSENDEP11CPRB ioctl?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list