From: Luca Weiss <luca@z3ntu.xyz>
Date: Sun, 8 Nov 2020 13:19:23 +0000 (+0100)
Subject: Deny (non-fatal) statx in preauth privsep child.
X-Git-Tag: V_8_5_P1~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e0beff67def2120f4b051b1016d7fbf84823e78;p=thirdparty%2Fopenssh-portable.git

Deny (non-fatal) statx in preauth privsep child.
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 5065ae7ef..d942b5e16 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -181,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_ipc
 	SC_DENY(__NR_ipc, EACCES),
 #endif
+#ifdef __NR_statx
+	SC_DENY(__NR_statx, EACCES),
+#endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk