[openssh-commits] [openssh] 01/01: Allow writev is seccomp sandbox.

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Jan 14 22:04:40 AEDT 2023

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 6283f4bd83eee714d0f5fc55802eff836b06fea8
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Sat Jan 14 22:02:44 2023 +1100

    Allow writev is seccomp sandbox.
    This seems to be used by recent glibcs at least in some configurations.
    From bz#3512, ok djm@
 sandbox-seccomp-filter.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index cec43c46..4ab49eb6 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -312,6 +312,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_write
+#ifdef __NR_writev
+	SC_ALLOW(__NR_writev),
 #ifdef __NR_socketcall
 	SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
 	SC_DENY(__NR_socketcall, EACCES),

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list