Re: seccomp filter for ppc64le in FIPS mode

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 04/24/2017 11:47 AM, Darren Tucker wrote:
On Mon, Apr 24, 2017 at 5:49 PM, Jakub Jelen <jjelen@xxxxxxxxxx <mailto:jjelen@xxxxxxxxxx>> wrote:

    [...]
    See attached patch with proposed patch (deny is intentionally after
    allowing the SYS_SHUTDOWN). Can we have it fixed in OpenSSH portable?


Applied, thanks, also cherry picked onto the 7.5 branch.

The diff did not apply cleanly ("__NR_$syscall" vs "$syscall" so I hand-edited it. I don't have access to one of these systems to test so could you please confirm that I got it right?

If I see right, you put there two ss in socketcall [1]

After fixing that it builds just fine with this line:

 +	SC_DENY(__NR_socketcall, EACCES),

[1] https://github.com/openssh/openssh-portable/commit/8b0eee14

Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux