rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
b58e57
diff -up openssh-7.4p1/sandbox-seccomp-filter.c.sandbox openssh-7.4p1/sandbox-seccomp-filter.c
b58e57
--- openssh-7.4p1/sandbox-seccomp-filter.c.sandbox	2017-04-21 13:30:49.692650798 +0200
b58e57
+++ openssh-7.4p1/sandbox-seccomp-filter.c	2017-04-21 13:30:52.259647579 +0200
b58e57
@@ -215,6 +215,7 @@ static const struct sock_filter preauth_
b58e57
 #endif
b58e57
 #ifdef __NR_socketcall
b58e57
 	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
b58e57
+	SC_DENY(socketcall, EACCES),
b58e57
 #endif
b58e57
 
b58e57
 	/* Default deny */