[gentoo-commits] proj/pax-utils:master commit in: /

Mike Frysinger Fri, 11 Sep 2015 21:19:07 -0700

commit:     ee6925b66697de51d6aa9ecfde56a95129150035
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 12 03:56:23 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 12 03:56:23 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ee6925b6


security: whitelist dup syscalls

These are used by freopen internally, so whitelist them all.
They're pretty benign at any rate.

 security.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security.c b/security.c
index af264ae..da881e8 100644
--- a/security.c
+++ b/security.c
@@ -109,6 +109,9 @@ static void pax_seccomp_init(bool allow_forking)
                SCMP_SYS(brk),
                SCMP_SYS(capget),
                SCMP_SYS(chdir),
+               SCMP_SYS(dup),
+               SCMP_SYS(dup2),
+               SCMP_SYS(dup3),
                SCMP_SYS(exit),
                SCMP_SYS(exit_group),
                SCMP_SYS(faccessat),

[gentoo-commits] proj/pax-utils:master commit in: /

Reply via email to