[openssh-commits] [openssh] 01/01: Allow nanosleep in preauth privsep child.
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Apr 13 16:24:40 AEST 2018
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c
Author: Darren Tucker <dtucker at dtucker.net>
Date: Fri Apr 13 16:23:57 2018 +1000
Allow nanosleep in preauth privsep child.
The new timing attack mitigation code uses nanosleep in the preauth
codepath, allow in systrace andbox too.
---
sandbox-systrace.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index b4d8d04c..add4c46d 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -59,6 +59,7 @@ static const struct sandbox_policy preauth_policy[] = {
{ SYS_getpgid, SYSTR_POLICY_PERMIT },
{ SYS_clock_gettime, SYSTR_POLICY_PERMIT },
{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+ { SYS_nanosleep, SYSTR_POLICY_PERMIT },
{ SYS_sigprocmask, SYSTR_POLICY_PERMIT },
#ifdef SYS_getentropy
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list