Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd
commit8b0eee148f7cf8b248c30d1bae57300f2cc5aafd[log] [tgz]
authorDarren Tucker <dtucker@zip.com.au>Mon Apr 24 19:40:31 2017 +1000
committerDarren Tucker <dtucker@zip.com.au>Mon Apr 24 19:40:31 2017 +1000
tree43f03a9987bea9971dbcbf81ad4666ab35e9427f
parentf8500b2be599053daa05248a86a743232ec6a536 [diff]
Deny socketcall in seccomp filter on ppc64le.

OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.

Patch from jjelen at redhat.com.
1 file changed
tree: 43f03a9987bea9971dbcbf81ad4666ab35e9427f
  1. contrib/
  2. openbsd-compat/
  3. regress/
  4. .skipped-commit-ids
  5. aclocal.m4
  6. addrmatch.c
  7. atomicio.c
  8. atomicio.h
  9. audit-bsm.c
  10. audit-linux.c
  11. audit.c
  12. audit.h
  13. auth-bsdauth.c
  14. auth-krb5.c
  15. auth-options.c
  16. auth-options.h
  17. auth-pam.c
  18. auth-pam.h
  19. auth-passwd.c
  20. auth-rhosts.c
  21. auth-shadow.c
  22. auth-sia.c
  23. auth-sia.h
  24. auth-skey.c
  25. auth.c
  26. auth.h
  27. auth2-chall.c
  28. auth2-gss.c
  29. auth2-hostbased.c
  30. auth2-kbdint.c
  31. auth2-none.c
  32. auth2-passwd.c
  33. auth2-pubkey.c
  34. auth2.c
  35. authfd.c
  36. authfd.h
  37. authfile.c
  38. authfile.h
  39. bitmap.c
  40. bitmap.h
  41. blocks.c
  42. bufaux.c
  43. bufbn.c
  44. bufec.c
  45. buffer.c
  46. buffer.h
  47. buildpkg.sh.in
  48. canohost.c
  49. canohost.h
  50. chacha.c
  51. chacha.h
  52. channels.c
  53. channels.h
  54. cipher-3des1.c
  55. cipher-aes.c
  56. cipher-aesctr.c
  57. cipher-aesctr.h
  58. cipher-bf1.c
  59. cipher-chachapoly.c
  60. cipher-chachapoly.h
  61. cipher-ctr.c
  62. cipher.c
  63. cipher.h
  64. cleanup.c
  65. clientloop.c
  66. clientloop.h
  67. compat.c
  68. compat.h
  69. config.guess
  70. config.sub
  71. configure.ac
  72. crc32.c
  73. crc32.h
  74. CREDITS
  75. crypto_api.h
  76. deattack.c
  77. deattack.h
  78. defines.h
  79. dh.c
  80. dh.h
  81. digest-libc.c
  82. digest-openssl.c
  83. digest.h
  84. dispatch.c
  85. dispatch.h
  86. dns.c
  87. dns.h
  88. ed25519.c
  89. entropy.c
  90. entropy.h
  91. fatal.c
  92. fe25519.c
  93. fe25519.h
  94. fixalgorithms
  95. fixpaths
  96. fixprogs
  97. ge25519.c
  98. ge25519.h
  99. ge25519_base.data
  100. groupaccess.c
  101. groupaccess.h
  102. gss-genr.c
  103. gss-serv-krb5.c
  104. gss-serv.c
  105. hash.c
  106. hmac.c
  107. hmac.h
  108. hostfile.c
  109. hostfile.h
  110. includes.h
  111. INSTALL
  112. install-sh
  113. kex.c
  114. kex.h
  115. kexc25519.c
  116. kexc25519c.c
  117. kexc25519s.c
  118. kexdh.c
  119. kexdhc.c
  120. kexdhs.c
  121. kexecdh.c
  122. kexecdhc.c
  123. kexecdhs.c
  124. kexgex.c
  125. kexgexc.c
  126. kexgexs.c
  127. key.c
  128. key.h
  129. krl.c
  130. krl.h
  131. LICENCE
  132. log.c
  133. log.h
  134. loginrec.c
  135. loginrec.h
  136. logintest.c
  137. mac.c
  138. mac.h
  139. Makefile.in
  140. match.c
  141. match.h
  142. md5crypt.c
  143. md5crypt.h
  144. mdoc2man.awk
  145. misc.c
  146. misc.h
  147. mkinstalldirs
  148. moduli
  149. moduli.5
  150. moduli.c
  151. monitor.c
  152. monitor.h
  153. monitor_fdpass.c
  154. monitor_fdpass.h
  155. monitor_wrap.c
  156. monitor_wrap.h
  157. msg.c
  158. msg.h
  159. mux.c
  160. myproposal.h
  161. nchan.c
  162. nchan.ms
  163. nchan2.ms
  164. opacket.c
  165. opacket.h
  166. openssh.xml.in
  167. opensshd.init.in
  168. OVERVIEW
  169. packet.c
  170. packet.h
  171. pathnames.h
  172. pkcs11.h
  173. platform-pledge.c
  174. platform-tracing.c
  175. platform.c
  176. platform.h
  177. poly1305.c
  178. poly1305.h
  179. progressmeter.c
  180. progressmeter.h
  181. PROTOCOL
  182. PROTOCOL.agent
  183. PROTOCOL.certkeys
  184. PROTOCOL.chacha20poly1305
  185. PROTOCOL.key
  186. PROTOCOL.krl
  187. PROTOCOL.mux
  188. readconf.c
  189. readconf.h
  190. README
  191. README.dns
  192. README.platform
  193. README.privsep
  194. README.tun
  195. readpass.c
  196. rijndael.c
  197. rijndael.h
  198. rsa.c
  199. rsa.h
  200. sandbox-capsicum.c
  201. sandbox-darwin.c
  202. sandbox-null.c
  203. sandbox-pledge.c
  204. sandbox-rlimit.c
  205. sandbox-seccomp-filter.c
  206. sandbox-solaris.c
  207. sandbox-systrace.c
  208. sc25519.c
  209. sc25519.h
  210. scp.1
  211. scp.c
  212. servconf.c
  213. servconf.h
  214. serverloop.c
  215. serverloop.h
  216. session.c
  217. session.h
  218. sftp-client.c
  219. sftp-client.h
  220. sftp-common.c
  221. sftp-common.h
  222. sftp-glob.c
  223. sftp-server-main.c
  224. sftp-server.8
  225. sftp-server.c
  226. sftp.1
  227. sftp.c
  228. sftp.h
  229. smult_curve25519_ref.c
  230. ssh-add.1
  231. ssh-add.c
  232. ssh-agent.1
  233. ssh-agent.c
  234. ssh-dss.c
  235. ssh-ecdsa.c
  236. ssh-ed25519.c
  237. ssh-gss.h
  238. ssh-keygen.1
  239. ssh-keygen.c
  240. ssh-keyscan.1
  241. ssh-keyscan.c
  242. ssh-keysign.8
  243. ssh-keysign.c
  244. ssh-pkcs11-client.c
  245. ssh-pkcs11-helper.8
  246. ssh-pkcs11-helper.c
  247. ssh-pkcs11.c
  248. ssh-pkcs11.h
  249. ssh-rsa.c
  250. ssh-sandbox.h
  251. ssh.1
  252. ssh.c
  253. ssh.h
  254. ssh1.h
  255. ssh2.h
  256. ssh_api.c
  257. ssh_api.h
  258. ssh_config
  259. ssh_config.5
  260. sshbuf-getput-basic.c
  261. sshbuf-getput-crypto.c
  262. sshbuf-misc.c
  263. sshbuf.c
  264. sshbuf.h
  265. sshconnect.c
  266. sshconnect.h
  267. sshconnect1.c
  268. sshconnect2.c
  269. sshd.8
  270. sshd.c
  271. sshd_config
  272. sshd_config.5
  273. ssherr.c
  274. ssherr.h
  275. sshkey.c
  276. sshkey.h
  277. sshlogin.c
  278. sshlogin.h
  279. sshpty.c
  280. sshpty.h
  281. sshtty.c
  282. survey.sh.in
  283. TODO
  284. ttymodes.c
  285. ttymodes.h
  286. uidswap.c
  287. uidswap.h
  288. umac.c
  289. umac.h
  290. utf8.c
  291. utf8.h
  292. uuencode.c
  293. uuencode.h
  294. verify.c
  295. version.h
  296. xmalloc.c
  297. xmalloc.h