diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-06-29 22:35:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-06-30 08:36:34 +1000 |
| commit | 512caddf590857af6aa12218461b5c0441028cf5 (patch) | |
| tree | fd1beaf73f1494a669187f985b7070c704c18384 | |
| parent | 78c2a4f883ea9aba866358e2acd9793a7f42ca93 (diff) | |
upstream commit
add getpid to sandbox, reachable by grace_alarm_handler
reported by Jakub Jelen; bz#2419
Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
| -rw-r--r-- | sandbox-seccomp-filter.c | 3 | ||||
| -rw-r--r-- | sandbox-systrace.c | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index ef9d6fa26..2462bcc88 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
| @@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = { | |||
| 141 | #ifdef __NR_exit_group | 141 | #ifdef __NR_exit_group |
| 142 | SC_ALLOW(exit_group), | 142 | SC_ALLOW(exit_group), |
| 143 | #endif | 143 | #endif |
| 144 | #ifdef __NR_getpgid | ||
| 145 | SC_ALLOW(getpgid), | ||
| 146 | #endif | ||
| 144 | #ifdef __NR_getpid | 147 | #ifdef __NR_getpid |
| 145 | SC_ALLOW(getpid), | 148 | SC_ALLOW(getpid), |
| 146 | #endif | 149 | #endif |
diff --git a/sandbox-systrace.c b/sandbox-systrace.c index f8a552898..03b0d40cc 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */ | 1 | /* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = { | |||
| 61 | { SYS___sysctl, SYSTR_POLICY_PERMIT }, | 61 | { SYS___sysctl, SYSTR_POLICY_PERMIT }, |
| 62 | #endif | 62 | #endif |
| 63 | { SYS_getpid, SYSTR_POLICY_PERMIT }, | 63 | { SYS_getpid, SYSTR_POLICY_PERMIT }, |
| 64 | { SYS_getpgid, SYSTR_POLICY_PERMIT }, | ||
| 64 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, | 65 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, |
| 65 | { SYS_madvise, SYSTR_POLICY_PERMIT }, | 66 | { SYS_madvise, SYSTR_POLICY_PERMIT }, |
| 66 | { SYS_mmap, SYSTR_POLICY_PERMIT }, | 67 | { SYS_mmap, SYSTR_POLICY_PERMIT }, |