[openssh-commits] [openssh] 01/01: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jun 30 14:39:46 AEST 2015


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 512caddf590857af6aa12218461b5c0441028cf5
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jun 29 22:35:12 2015 +0000

    upstream commit
    
    add getpid to sandbox, reachable by grace_alarm_handler
    
    reported by Jakub Jelen; bz#2419
    
    Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
---
 sandbox-seccomp-filter.c | 3 +++
 sandbox-systrace.c       | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ef9d6fa..2462bcc 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_exit_group
 	SC_ALLOW(exit_group),
 #endif
+#ifdef __NR_getpgid
+	SC_ALLOW(getpgid),
+#endif
 #ifdef __NR_getpid
 	SC_ALLOW(getpid),
 #endif
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index f8a5528..03b0d40 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
  *
@@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = {
 	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
 	{ SYS_getpid, SYSTR_POLICY_PERMIT },
+	{ SYS_getpgid, SYSTR_POLICY_PERMIT },
 	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
 	{ SYS_madvise, SYSTR_POLICY_PERMIT },
 	{ SYS_mmap, SYSTR_POLICY_PERMIT },

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list