[openssh-commits] [openssh] 03/03: adjust seccomp filter for select->poll conversion

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Nov 18 10:20:21 AEDT 2021



djm pushed a commit to branch master
in repository openssh.

commit 9778a15fa6dbdac6a95bf15865c2688b4bd6944e
Author: Damien Miller <djm at mindrot.org>
Date:   Thu Nov 18 10:16:55 2021 +1100

    adjust seccomp filter for select->poll conversion
    
    Needed to add ppoll syscall but also to relax the fallback rlimit
    sandbox. Linux poll() fails with EINVAL if npfds > RLIMIT_NOFILE,
    so we have to allow a single fd in the rlimit.
---
 sandbox-seccomp-filter.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 798b24bd..f5e46280 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -270,6 +270,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR__newselect
 	SC_ALLOW(__NR__newselect),
 #endif
+#ifdef __NR_ppoll
+	SC_ALLOW(__NR_ppoll),
+#endif
 #ifdef __NR_poll
 	SC_ALLOW(__NR_poll),
 #endif
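Review bot: The new `SC_ALLOW(__NR_ppoll)` entry has no comment saying why ppoll must be allowed alongside poll, and the reason is portability of the filter rather than a second code path: on architectures whose syscall table lacks __NR_poll (aarch64 is one), the C library implements poll() on top of ppoll, so without this entry the converted event loop would be killed by the filter there. A one-line comment above the guard, such as `/* poll(2) is implemented via ppoll(2) on arches without __NR_poll */`, would record that for the next person editing this table. Like the existing poll entry, ppoll is allowed with no argument filtering; its sigmask argument only changes the calling process's own mask for the duration of the call, so that appears acceptable in the preauth sandbox.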
@@ -391,7 +394,7 @@ ssh_sandbox_child_debugging(void)
 void
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
-	struct rlimit rl_zero;
+	struct rlimit rl_zero, rl_one = {.rlim_cur = 1, .rlim_max = 1};
 	int nnp_failed = 0;
 
 	/* Set rlimits for completeness if possible. */
@@ -399,7 +402,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 			__func__, strerror(errno));
-	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+	/*
+	 * Cannot use zero for nfds, because poll(2) will fail with
+	 * errno=EINVAL if npfds>RLIMIT_NOFILE.
+	 */
+	if (setrlimit(RLIMIT_NOFILE, &rl_one) == -1)
 		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
 			__func__, strerror(errno));
 	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
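Review bot: The fatal() message on the RLIMIT_NOFILE branch still reports `{ 0, 0 }` although the limit now passed is rl_one, so a setrlimit failure would be logged with the wrong values; it should read `fatal("%s: setrlimit(RLIMIT_NOFILE, { 1, 1 }): %s",`. The new comment also uses two names for the same quantity (`nfds`, then `npfds`); using poll(2)'s `nfds` in both sentences avoids the reader wondering whether they differ. It would also be worth stating in that comment what the relaxation costs: RLIMIT_NOFILE is one greater than the highest descriptor number the process may open, so a limit of 1 lets the sandboxed process obtain fd 0 if that number is free, which makes the rlimit fallback slightly weaker than the `{ 0, 0 }` it replaces. ssh_sandbox_child continues on both sides of this hunk.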


