commit: 636c3d42a64a248945ca4c68f5fef605cc55f423 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Wed Feb 10 18:51:40 2016 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Wed Feb 10 18:51:40 2016 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=636c3d42
security: allow more read/write syscalls Some C libraries might use these functions in different ways. Since they are fairly harmless to use, just whitelist all the read/write variants. URL: https://bugs.gentoo.org/571128 Reported-by: Vladimir Lushnikov <vladimir <AT> vladimir.lu> Reported-by: Mias van Klei <miasvanklei <AT> gmail.com> security.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/security.c b/security.c
index ba74bee..b635ccf 100644
--- a/security.c
+++ b/security.c
@@ -72,6 +72,9 @@ static void pax_seccomp_init(bool allow_forking)
 int base_syscalls[] = {
 /* We write the most w/scanelf. */
 SCMP_SYS(write),
+ SCMP_SYS(writev),
+ SCMP_SYS(pwrite64),
+ SCMP_SYS(pwritev),
 
 /* Then the stat family of functions. */
 SCMP_SYS(newfstatat),
@@ -102,6 +105,8 @@ static void pax_seccomp_init(bool allow_forking)
 /* Then the file reading functions. */
 SCMP_SYS(pread64),
 SCMP_SYS(read),
+ SCMP_SYS(readv),
+ SCMP_SYS(preadv),
 
 /* Then the fd manipulation functions. */
 SCMP_SYS(fcntl),
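Review bot: The comment `/* We write the most w/scanelf. */` now heads four entries, but the three added ones are there for libc compatibility rather than call frequency, and that rationale exists only in the commit message. I would put `/* Some C libraries route stdio through the vectored/positional variants. */` above `SCMP_SYS(writev),` and a matching comment above `SCMP_SYS(readv),` in the second hunk. Because the entries are bare `SCMP_SYS()` values, the rules presumably carry no argument constraints, so the write variants would be permitted on any descriptor the process holds. The "fairly harmless" judgement then rests on what the rest of the filter lets the process open, which is worth stating in that comment. `pax_seccomp_init` begins before the first hunk and the `base_syscalls[]` initializer runs past both hunks.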
