From: Alex James <theracermaster@gmail.com>
Date: Sun, 30 Jan 2022 22:13:36 +0000 (-0600)
Subject: sandbox-seccomp-filter: allow gettid
X-Git-Tag: V_8_9_P1~46
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a0848cdd3b25c049332cd56034186b7853ae754;p=thirdparty%2Fopenssh-portable.git

sandbox-seccomp-filter: allow gettid

Some allocators (such as Scudo) use gettid while tracing allocations [1].
Allow gettid in preauth to prevent sshd from crashing with Scudo.

[1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46
---

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index f5e462806..2e065ba3e 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -228,6 +228,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_getrandom
 	SC_ALLOW(__NR_getrandom),
 #endif
+#ifdef __NR_gettid
+	SC_ALLOW(__NR_gettid),
+#endif
 #ifdef __NR_gettimeofday
 	SC_ALLOW(__NR_gettimeofday),
 #endif