File openssh-6.6p1-seccomp_getuid.patch of Package openssh.295

# HG changeset patch
# Parent 7c4f4104d804c6f27ca9618f981240982bf60ae9
add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
from being killed by the seccomp filter

diff --git a/openssh-6.6p1/sandbox-seccomp-filter.c b/openssh-6.6p1/sandbox-seccomp-filter.c
--- a/openssh-6.6p1/sandbox-seccomp-filter.c
+++ b/openssh-6.6p1/sandbox-seccomp-filter.c
@@ -85,16 +85,20 @@ static const struct sock_filter preauth_
 		offsetof(struct seccomp_data, arch)),
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
 	/* Load the syscall number for checking. */
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
 		offsetof(struct seccomp_data, nr)),
 	SC_DENY(open, EACCES),
 	SC_ALLOW(getpid),
+	SC_ALLOW(getuid),
+#ifdef __NR_getuid32
+	SC_ALLOW(getuid32),
+#endif
 	SC_ALLOW(gettimeofday),
 	SC_ALLOW(clock_gettime),
 #ifdef __NR_time /* not defined on EABI ARM */
 	SC_ALLOW(time),
 #endif
 	SC_ALLOW(read),
 	SC_ALLOW(write),
 	SC_ALLOW(close),
openSUSE Build Service is sponsored by