Re: [openssh with openssl cryptodev engine] sshd killed by seccomp filter

On 02/25/15 23:07, Ángel González wrote:
> On 25/02/15 18:21, Damien Miller wrote:
>> On Wed, 25 Feb 2015, LABBE Corentin wrote:
>>> +    SC_ALLOW(ioctl),
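Review bot: SC_ALLOW(ioctl) names only the syscall, so this rule admits every ioctl request on every descriptor the sandboxed process holds. Replace it with a rule that also compares the request argument against the specific requests the engine issues, and leave all other ioctl requests denied.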
>> no, sorry. ioctl is too much kernel attack surface and would defeat the
>> usefulness of the sandbox.
>>
>> -d
> Labbe, which ioctl is being issued?
> 

Lots of different ioctls, but nothing standard; they are used only by the cryptodev module.

Example:
ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)
ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses)
ioctl(ctx->cfd, CIOCAUTHCRYPT, &cryp)
ioctl(ctx->cfd, CIOCCRYPT, &cryp)

Regards

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
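
Added example, not part of the original message and not OpenSSH's sandbox code: a seccomp-BPF fragment that admits ioctl only for an explicit list of request numbers, which is the narrower alternative to allowing ioctl outright as debated in this thread. The names `build_ioctl_filter`, `run_filter` and `verdict` are hypothetical, and the request values are constructed placeholders standing in for the CIOC* numbers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Constructed placeholders, NOT the real CIOC* values from the cryptodev header. */
static const uint32_t demo_reqs[] = { 0xC0DE0001u, 0xC0DE0002u };
/* Offset of the low 32 bits of the 64-bit args[1], which carries the ioctl request. */
#define REQ_LO (offsetof(struct seccomp_data, args[1]) + 4 * (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__))
#define STMT(c, k) (struct sock_filter)BPF_STMT(c, k)
#define JEQ(k, jt) (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, k, jt, 0)

/* Non-ioctl: ALLOW (stand-in for the rest of a real filter, which also checks
 * seccomp_data.arch first). ioctl: ALLOW a listed request, KILL any other. */
size_t build_ioctl_filter(const uint32_t *reqs, size_t n, struct sock_filter *f)
{
    size_t i = 0;
    f[i++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    f[i++] = JEQ(SYS_ioctl, 1);              /* ioctl: skip the next RET */
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    f[i++] = STMT(BPF_LD | BPF_W | BPF_ABS, REQ_LO);
    for (size_t r = 0; r < n; r++)           /* match: jump to the final ALLOW */
        f[i++] = JEQ(reqs[r], (uint8_t)(n - r));
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Offline evaluator for the three opcodes used above (nothing is installed). */
uint32_t run_filter(const struct sock_filter *f, size_t len, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)d + f[pc].k, sizeof acc);
        else if (f[pc].code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
        else return f[pc].k;                 /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}

uint32_t verdict(int nr, uint32_t req)       /* one constructed syscall */
{
    struct sock_filter f[8];
    struct seccomp_data d = { .nr = nr, .args = { 3, req } };
    return run_filter(f, build_ioctl_filter(demo_reqs, 2, f), &d);
}
```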