diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2016-02-10 13:51:40 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2016-02-10 13:51:40 -0500 |
| commit | 636c3d42a64a248945ca4c68f5fef605cc55f423 (patch) | |
| tree | fd91e644584bfa13cfe91dd54947a3f6e1a124b2 /security.c | |
| parent | lddtree: handle exceptions thrown when parsing other ELFs (diff) | |
| download | pax-utils-636c3d42a64a248945ca4c68f5fef605cc55f423.tar.gz pax-utils-636c3d42a64a248945ca4c68f5fef605cc55f423.tar.bz2 pax-utils-636c3d42a64a248945ca4c68f5fef605cc55f423.zip | |
security: allow more read/write syscalls
Some C libraries might use these functions in different ways. Since they
are fairly harmless to use, just whitelist all the read/write variants.
URL: https://bugs.gentoo.org/571128
Reported-by: Vladimir Lushnikov <vladimir@vladimir.lu>
Reported-by: Mias van Klei <miasvanklei@gmail.com>
Diffstat (limited to 'security.c')
| -rw-r--r-- | security.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -72,6 +72,9 @@ static void pax_seccomp_init(bool allow_forking) int base_syscalls[] = { /* We write the most w/scanelf. */ SCMP_SYS(write), + SCMP_SYS(writev), + SCMP_SYS(pwrite64), + SCMP_SYS(pwritev), /* Then the stat family of functions. */ SCMP_SYS(newfstatat), @@ -102,6 +105,8 @@ static void pax_seccomp_init(bool allow_forking) /* Then the file reading functions. */ SCMP_SYS(pread64), SCMP_SYS(read), + SCMP_SYS(readv), + SCMP_SYS(preadv), /* Then the fd manipulation functions. */ SCMP_SYS(fcntl), |