diff options
author | Damien Miller <djm@mindrot.org> | 2017-03-14 12:24:47 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-03-14 12:41:53 +1100 |
commit | 9e96b41682aed793fadbea5ccd472f862179fb02 (patch) | |
tree | 8f28c1e60284176348973ff19101785772e18bb8 /regress/unittests | |
parent | 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 (diff) |
Fix weakness in seccomp-bpf sandbox arg inspection
Syscall arguments are passed via an array of 64-bit values in struct
seccomp_data, but we were only inspecting the bottom 32 bits and not
even those correctly for BE systems.
Fortunately, the only case argument inspection was used was in the
socketcall filtering so using this for sandbox escape seems
impossible.
ok dtucker
Diffstat (limited to 'regress/unittests')
0 files changed, 0 insertions, 0 deletions