This is an automated email from the git hooks/post-receive script.
dtucker pushed a change to branch V_7_5
in repository openssh.
from f77e6b52 Don't check privsep user or path when unprivileged
new 295ac5e1 Deny socketcall in seccomp filter on ppc64le.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 295ac5e15397e703c5f49d25954f5db91e05a9ce
Author: Darren Tucker <dtucker@zip.com.au>
Date: Mon Apr 24 19:40:31 2017 +1000
Deny socketcall in seccomp filter on ppc64le.
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.
Patch from jjelen at redhat.com.
Summary of changes:
sandbox-seccomp-filter.c | 1 +
1 file changed, 1 insertion(+)
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
dtucker pushed a change to branch V_7_5
in repository openssh.
from f77e6b52 Don't check privsep user or path when unprivileged
new 295ac5e1 Deny socketcall in seccomp filter on ppc64le.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 295ac5e15397e703c5f49d25954f5db91e05a9ce
Author: Darren Tucker <dtucker@zip.com.au>
Date: Mon Apr 24 19:40:31 2017 +1000
Deny socketcall in seccomp filter on ppc64le.
OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
in privsep child. The socket() syscall is already denied in the seccomp
filter, but in ppc64le kernel, it is implemented using socketcall()
syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
therefore fails hard.
Patch from jjelen at redhat.com.
Summary of changes:
sandbox-seccomp-filter.c | 1 +
1 file changed, 1 insertion(+)
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits