Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | 1 | From dd353303f62d1dfe32cb000e482616b021708fbe Mon Sep 17 00:00:00 2001 |
| 2 | From: Mingli Yu <mingli.yu@windriver.com> |
| 3 | Date: Thu, 29 Nov 2018 00:47:34 -0800 |
| 4 | Subject: [PATCH] vsftpd: allow syscalls in the seccomp sandbox |
| 5 | |
| 6 | * Allow sysinfo() and getdents64 in the seccomp |
| 7 | sandbox; otherwise the OOPS: priv_sock_get_cmd below occurs, |
| 8 | as the syscalls sysinfo() and getdents64 are not allowed |
| 9 | |
| 10 | root@qemux86-64:~# tnftp 192.168.1.1 |
| 11 | Connected to 192.168.1.1. |
| 12 | 220 (vsFTPd 3.0.3) |
| 13 | Name (192.168.1.1:root): anonymous |
| 14 | 331 Please specify the password. |
| 15 | Password: |
| 16 | 230 Login successful. |
| 17 | Remote system type is UNIX. |
| 18 | Using binary mode to transfer files. |
| 19 | ftp> prompt |
| 20 | Interactive mode off. |
| 21 | ftp> mget small* |
| 22 | OOPS: priv_sock_get_cmd |
| 23 | |
| 24 | Upstream-Status: Pending |
| 25 | |
| 26 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> |
| 27 | --- |
| 28 | seccompsandbox.c | 2 ++ |
| 29 | 1 file changed, 2 insertions(+) |
| 30 | |
| 31 | diff --git a/seccompsandbox.c b/seccompsandbox.c |
| 32 | index 2c350a9..377c50e 100644 |
| 33 | --- a/seccompsandbox.c |
| 34 | +++ b/seccompsandbox.c |
| 35 | @@ -409,6 +409,8 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) |
| 36 | allow_nr(__NR_getcwd); |
| 37 | allow_nr(__NR_chdir); |
| 38 | allow_nr(__NR_getdents); |
| 39 | + allow_nr(__NR_getdents64); |
| 40 | + allow_nr(__NR_sysinfo); |
| 41 | /* Misc */ |
| 42 | allow_nr(__NR_umask); |
| 43 | |
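Review bot: allow_nr(__NR_sysinfo) is added inside the directory-syscall group next to getcwd/chdir/getdents with no comment, and the commit message never says which call path in the post-login process issues sysinfo(), so the reason for widening the seccomp allowlist cannot be checked from the patch. sysinfo() is not a directory operation and it returns uptime, load and memory totals to the sandboxed process, so please move it under the /* Misc */ block and add a one-line comment naming the caller that needs it (for example the libc routine hit during the mget listing, if that is what was traced). The allow_nr(__NR_getdents64) line fits where it is, next to allow_nr(__NR_getdents), but a short comment that the C library uses getdents64 for directory listing on this target would help the next reader. Since Upstream-Status is Pending, it is also worth confirming that both syscalls are only needed in seccomp_sandbox_setup_postlogin and not allowed more broadly than the failing mget path requires.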
| 44 | -- |
| 45 | 2.17.1 |
| 46 | |