kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
1d31ef
diff -up openssh-7.4p1/sandbox-seccomp-filter.c.sandbox openssh-7.4p1/sandbox-seccomp-filter.c
1d31ef
--- openssh-7.4p1/sandbox-seccomp-filter.c.sandbox	2017-04-21 13:30:49.692650798 +0200
1d31ef
+++ openssh-7.4p1/sandbox-seccomp-filter.c	2017-04-21 13:30:52.259647579 +0200
1d31ef
@@ -215,6 +215,7 @@ static const struct sock_filter preauth_
1d31ef
 #endif
1d31ef
 #ifdef __NR_socketcall
1d31ef
 	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
1d31ef
+	SC_DENY(socketcall, EACCES),
1d31ef
 #endif
1d31ef
 
1d31ef
 	/* Default deny */