| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 1 | From 9c4826c19f04da533886209361a2caddf582d65c Mon Sep 17 00:00:00 2001 |
| Patrick Williams | ddad1a1 | 2017-02-23 20:36:32 -0600 | [diff] [blame] | 2 | From: Mingli Yu <Mingli.Yu@windriver.com> |
| 3 | Date: Tue, 6 Sep 2016 17:17:44 +0800 |
| 4 | Subject: [PATCH] vsftpd: allow sysinfo() in the seccomp sandbox |
| 5 | |
| 6 | Upstream-Status: Pending |
| 7 | |
| 8 | * Allow sysinfo() in the seccomp sandbox otherwise |
| 9 | comes below OOPS: priv_sock_get_cmd as the syscall |
| 10 | sysinfo() not allowed |
| 11 | |
| 12 | tnftp 192.168.1.1 |
| 13 | Connected to 192.168.1.1. |
| 14 | 220 (vsFTPd 3.0.3) |
| 15 | Name (192.168.1.1:root): anonymous |
| 16 | 331 Please specify the password. |
| 17 | Password: |
| 18 | 230 Login successful. |
| 19 | Remote system type is UNIX. |
| 20 | Using binary mode to transfer files. |
| 21 | ftp> prompt |
| 22 | Interactive mode off. |
| 23 | ftp> mget small* |
| 24 | OOPS: priv_sock_get_cmd |
| 25 | |
| 26 | Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> |
| Brad Bishop | 316dfdd | 2018-06-25 12:45:53 -0400 | [diff] [blame] | 27 | |
| Patrick Williams | ddad1a1 | 2017-02-23 20:36:32 -0600 | [diff] [blame] | 28 | --- |
| 29 | seccompsandbox.c | 1 + |
| 30 | 1 file changed, 1 insertion(+) |
| 31 | |
| 32 | diff --git a/seccompsandbox.c b/seccompsandbox.c |
| 33 | index 2c350a9..67d9ca5 100644 |
| 34 | --- a/seccompsandbox.c |
| 35 | +++ b/seccompsandbox.c |
| 36 | @@ -409,6 +409,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) |
| 37 | allow_nr(__NR_getcwd); |
| 38 | allow_nr(__NR_chdir); |
| 39 | allow_nr(__NR_getdents); |
| 40 | + allow_nr(__NR_sysinfo); |
| 41 | /* Misc */ |
| 42 | allow_nr(__NR_umask); |
| 43 | |