[openssh-commits] [openssh] branch master updated (b110cefd -> 30f704eb)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jan 8 21:49:10 AEDT 2020

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

      from  b110cefd  seccomp: Allow clock_gettime64() in sandbox.
       new  30f704eb  Deny (non-fatal) ipc in preauth privsep child.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89
Author: Jeremy Drake <github at jdrake.com>
Date:   Fri Oct 11 18:31:05 2019 -0700

    Deny (non-fatal) ipc in preauth privsep child.
    As noted in openssh/openssh-portable#149, i386 does not have have
    _NR_shmget etc.  Instead, it has a single ipc syscall (see man 2 ipc,
    https://linux.die.net/man/2/ipc).  Add this syscall, if present, to the
    list of syscalls that seccomp will deny non-fatally.

Summary of changes:
 sandbox-seccomp-filter.c | 3 +++
 1 file changed, 3 insertions(+)

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list