On 04/24/2017 11:47 AM, Darren Tucker wrote:
> On Mon, Apr 24, 2017 at 5:49 PM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> [...]
>> See attached patch with proposed patch (deny is intentionally after
>> allowing the SYS_SHUTDOWN). Can we have it fixed in OpenSSH portable?
>
> Applied, thanks, also cherry picked onto the 7.5 branch.
>
> The diff did not apply cleanly ("__NR_$syscall" vs "$syscall") so I
> hand-edited it. I don't have access to one of these systems to test so
> could you please confirm that I got it right?

If I see right, you put there two ss in socketcall [1]
After fixing that it builds just fine with this line:
+ SC_DENY(__NR_socketcall, EACCES),
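Review bot: SC_DENY(__NR_socketcall, EACCES) only has the intended effect while it stays below the rule that allows SYS_SHUTDOWN, as the earlier message in this thread points out, so a short comment beside it saying the order is deliberate would protect it from a later reshuffle of the list. Since this line was hand-edited and the committer could not test it, it is also worth confirming on an affected system that shutdown through socketcall still succeeds and that other socketcall uses return EACCES.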
[1] https://github.com/openssh/openssh-portable/commit/8b0eee14
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev