Is it safe to modify sandbox-seccomp-filter?
Wenyi Cheng
wyc9004 at gmail.com
Tue Jun 19 06:30:45 AEST 2018
Hi openssh-unix-dev,
I'm upgrading the openssh in our system from 6.6 to 7.6. The option
UsePrivilegeSeparation for sshd has been deprecated since 7.5. We used to
set it to yes but it's now sandbox by default.
We are using futex which is not allowed with sandbox. So I have to manually
add the following code change to sandbox-seccomp-filter.c to make it work.
> #ifdef __NR_futex
> SC_ALLOW(__NR_futex),
> #endif
Will this change cause any security issue?
Thanks,
Wenyi
--
Wenyi Cheng
More information about the openssh-unix-dev
mailing list