]> git.ipfire.org Git - thirdparty/openssh-portable.git/commitdiff
upstream commit
authordjm@openbsd.org <djm@openbsd.org>
Mon, 29 Jun 2015 22:35:12 +0000 (22:35 +0000)
committerDamien Miller <djm@mindrot.org>
Mon, 29 Jun 2015 22:36:34 +0000 (08:36 +1000)
add getpid to sandbox, reachable by grace_alarm_handler

reported by Jakub Jelen; bz#2419

Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8

sandbox-seccomp-filter.c
sandbox-systrace.c

index ef9d6fa26dcb49bf9602a93936f232cb1c26b43d..2462bcc88f321cdd8605c16d8e5262deb8e2c07e 100644 (file)
@@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_exit_group
        SC_ALLOW(exit_group),
 #endif
+#ifdef __NR_getpgid
+       SC_ALLOW(getpgid),
+#endif
 #ifdef __NR_getpid
        SC_ALLOW(getpid),
 #endif
index f8a55289852efa4a81465cafea5a100940763970..03b0d40ccdb19a151d689b7000034e0659c07775 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = {
        { SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
        { SYS_getpid, SYSTR_POLICY_PERMIT },
+       { SYS_getpgid, SYSTR_POLICY_PERMIT },
        { SYS_gettimeofday, SYSTR_POLICY_PERMIT },
        { SYS_madvise, SYSTR_POLICY_PERMIT },
        { SYS_mmap, SYSTR_POLICY_PERMIT },