[openssh-commits] [openssh] branch master updated (8ff3fc3 -> 9e96b41)

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Mar 14 12:42:00 AEDT 2017


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  8ff3fc3   upstream commit
       new  9e96b41   Fix weakness in seccomp-bpf sandbox arg inspection

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 9e96b41682aed793fadbea5ccd472f862179fb02
Author: Damien Miller <djm at mindrot.org>
Date:   Tue Mar 14 12:24:47 2017 +1100

    Fix weakness in seccomp-bpf sandbox arg inspection
    
    Syscall arguments are passed via an array of 64-bit values in struct
    seccomp_data, but we were only inspecting the bottom 32 bits and not
    even those correctly for BE systems.
    
    Fortunately, the only case argument inspection was used was in the
    socketcall filtering so using this for sandbox escape seems
    impossible.
    
    ok dtucker

Summary of changes:
 sandbox-seccomp-filter.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
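
An added illustration of the issue the commit message describes, not code from this commit or from OpenSSH: a seccomp-bpf argument check that does a single 32-bit load, beside one that compares both halves of the 64-bit `args[0]` using endian-aware offsets. The filter arrays, `WANT`, the helper names and the small userspace evaluator are assumptions made for this example; only `struct seccomp_data`, `struct sock_filter` and the `BPF_*`/`SECCOMP_RET_*` macros come from the Linux headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* args[0] is a 64-bit field; classic BPF loads 32 bits at a time, host-endian. */
#define HOST_LE (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
#define ARG0    offsetof(struct seccomp_data, args[0])
#define ARG0_LO (ARG0 + (HOST_LE ? 0 : 4))
#define ARG0_HI (ARG0 + (HOST_LE ? 4 : 0))
#define WANT    0x1234ULL /* constructed value the filter should allow */

/* Weak: one load at the start of args[0] (low half on LE, high half on BE). */
static const struct sock_filter weak[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)WANT, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};
/* Full: both halves must match before the call is allowed. */
static const struct sock_filter full[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0_LO),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(WANT & 0xffffffffULL), 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0_HI),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(WANT >> 32), 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};

/* Userspace evaluator for the three opcodes used above (not the kernel's). */
static uint32_t run(const struct sock_filter *f, size_t n, uint64_t arg0)
{
    struct seccomp_data d = { .args = { arg0 } };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + f[pc].k, sizeof(acc));
        else if (f[pc].code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; /* offset from next insn */
        else
            return f[pc].k; /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}
uint32_t weak_verdict(uint64_t a) { return run(weak, sizeof(weak) / sizeof(weak[0]), a); }
uint32_t full_verdict(uint64_t a) { return run(full, sizeof(full) / sizeof(full[0]), a); }
```

On a little-endian host, `weak_verdict(0xdeadbeef00001234ULL)` returns `SECCOMP_RET_ALLOW` because the upper 32 bits are never read, while `full_verdict` returns `SECCOMP_RET_KILL` for the same value.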

