Deny (non-fatal) statx in preauth privsep child.

author: Luca Weiss <luca@z3ntu.xyz> 2020-11-08 14:19:23 +0100
committer: Darren Tucker <dtucker@dtucker.net> 2021-02-05 03:56:26 +0100
commit: 2e0beff67def2120f4b051b1016d7fbf84823e78 (patch)
tree: 057a1f1f14492a68e7df810b34bac42a107475b0 /sandbox-seccomp-filter.c
parent: upstream: Remove debug message from sigchld handler. While this (diff)
download: openssh-2e0beff67def2120f4b051b1016d7fbf84823e78.tar.xz
openssh-2e0beff67def2120f4b051b1016d7fbf84823e78.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 5065ae7ef..d942b5e16 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -181,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_ipc
 	SC_DENY(__NR_ipc, EACCES),
 #endif
+#ifdef __NR_statx
+	SC_DENY(__NR_statx, EACCES),
+#endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk
author	Luca Weiss <luca@z3ntu.xyz>	2020-11-08 14:19:23 +0100
committer	Darren Tucker <dtucker@dtucker.net>	2021-02-05 03:56:26 +0100
commit	2e0beff67def2120f4b051b1016d7fbf84823e78 (patch)
tree	057a1f1f14492a68e7df810b34bac42a107475b0 /sandbox-seccomp-filter.c
parent	upstream: Remove debug message from sigchld handler. While this (diff)
download	openssh-2e0beff67def2120f4b051b1016d7fbf84823e78.tar.xz openssh-2e0beff67def2120f4b051b1016d7fbf84823e78.zip