From: djm@openbsd.org <djm@openbsd.org>
Date: Mon, 29 Jun 2015 22:35:12 +0000 (+0000)
Subject: upstream commit
X-Git-Tag: V_6_9_P1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=512caddf590857af6aa12218461b5c0441028cf5;p=thirdparty%2Fopenssh-portable.git

upstream commit

add getpid to sandbox, reachable by grace_alarm_handler

reported by Jakub Jelen; bz#2419

Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index ef9d6fa26..2462bcc88 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_exit_group
 	SC_ALLOW(exit_group),
 #endif
+#ifdef __NR_getpgid
+	SC_ALLOW(getpgid),
+#endif
 #ifdef __NR_getpid
 	SC_ALLOW(getpid),
 #endif
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index f8a552898..03b0d40cc 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = {
 	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
 #endif
 	{ SYS_getpid, SYSTR_POLICY_PERMIT },
+	{ SYS_getpgid, SYSTR_POLICY_PERMIT },
 	{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
 	{ SYS_madvise, SYSTR_POLICY_PERMIT },
 	{ SYS_mmap, SYSTR_POLICY_PERMIT },