Deny (non-fatal) statx in preauth privsep child.

author: Luca Weiss <luca@z3ntu.xyz> 2020-11-08 14:19:23 +0100
committer: Darren Tucker <dtucker@dtucker.net> 2021-02-05 13:56:26 +1100
commit: 2e0beff67def2120f4b051b1016d7fbf84823e78 (patch)
tree: 057a1f1f14492a68e7df810b34bac42a107475b0 /sandbox-seccomp-filter.c
parent: a35d3e911e193a652bd09eed40907e3e165b0a7b (diff)
download: openssh-git-2e0beff67def2120f4b051b1016d7fbf84823e78.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 5065ae7e..d942b5e1 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -181,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_ipc
 	SC_DENY(__NR_ipc, EACCES),
 #endif
+#ifdef __NR_statx
+	SC_DENY(__NR_statx, EACCES),
+#endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk
author	Luca Weiss <luca@z3ntu.xyz>	2020-11-08 14:19:23 +0100
committer	Darren Tucker <dtucker@dtucker.net>	2021-02-05 13:56:26 +1100
commit	2e0beff67def2120f4b051b1016d7fbf84823e78 (patch)
tree	057a1f1f14492a68e7df810b34bac42a107475b0 /sandbox-seccomp-filter.c
parent	a35d3e911e193a652bd09eed40907e3e165b0a7b (diff)
download	openssh-git-2e0beff67def2120f4b051b1016d7fbf84823e78.tar.gz