Is it safe to modify sandbox-seccomp-filter?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi openssh-unix-dev,

I'm upgrading the openssh in our system from 6.6 to 7.6. The option
UsePrivilegeSeparation for sshd has been deprecated since 7.5. We used to
set it to yes but it's now sandbox by default.

We are using futex which is not allowed with sandbox. So I have to manually
add the following code change to sandbox-seccomp-filter.c to make it work.

> #ifdef __NR_futex
>         SC_ALLOW(__NR_futex),
> #endif


Will this change cause any security issue?

Thanks,
Wenyi


-- 
Wenyi Cheng
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux