GSSAPI requires futex syscall in privsep child (#1395288)

2016-11-16 08:38:35 +01:00 · 2016-11-16 08:38:35 +01:00 · c79ade1296
parent 567d83cf01
commit c79ade1296
1 changed files with 14 additions and 0 deletions
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@ -2777,3 +2777,17 @@ index b2f9658..2d33ff7 100644
 		    dh->p, dh->g,
 		    dh_client_pub,
 		    dh->pub_key,
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3e6f982..4c2653f 100644
+--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
+@@ -213,6 +213,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_write
+ 	SC_ALLOW(write),
+ #endif
+#ifdef __NR_futex
+	SC_ALLOW(futex), /* for GSSAPI Kex */
+#endif
+ #ifdef __NR_socketcall
+ 	SC_ALLOW_ARG(socketcall, 0, SYS_SHUTDOWN),
+ #endif