diff options
author | Carlos Garnacho <carlosg@gnome.org> | 2017-02-23 11:08:51 +0100 |
---|---|---|
committer | Carlos Garnacho <carlosg@gnome.org> | 2017-02-24 17:20:52 +0100 |
commit | 55ddbde2905af2cc0aa3712b197f8d1c5ef9b575 (patch) | |
tree | 3c37d094008abe3686f483e4709bcbdbfc9a92b6 | |
parent | c2eaeecb47497249d08b716d4db8d5d29566ae74 (diff) | |
download | tracker-55ddbde2905af2cc0aa3712b197f8d1c5ef9b575.tar.gz |
libtracker-common: Be more lenient with dup2/dup3
And allow these to manipulate stdin/out/err. They may close file
descriptors, but they don't grant access to anything the process
wouldn't have already access for, anyway.
-rw-r--r-- | src/libtracker-common/tracker-seccomp.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c index 9ab4fb4d3..1af380c93 100644 --- a/src/libtracker-common/tracker-seccomp.c +++ b/src/libtracker-common/tracker-seccomp.c @@ -143,6 +143,8 @@ tracker_seccomp_init (void) ALLOW_RULE (write); ALLOW_RULE (writev); ALLOW_RULE (dup); + ALLOW_RULE (dup2); + ALLOW_RULE (dup3); /* Needed by some GStreamer modules doing crazy stuff, less * scary thanks to the restriction below about sockets being * local. @@ -193,14 +195,6 @@ tracker_seccomp_init (void) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) goto out; - /* Special requirements for dup2/dup3, no fiddling with stdin/out/err */ - if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1, - SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0) - goto out; - if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1, - SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0) - goto out; - g_debug ("Loading seccomp rules."); if (seccomp_load (ctx) >= 0) |