Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
vsftpd
vsftpd-allow-dev-log-socket.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File vsftpd-allow-dev-log-socket.patch of Package vsftpd
From: mvyskocil@suse.com Subject: enable /dev/log related socket call Linux-PAM try to open /dev/log, but as socket is not enabled in seccomp sandbox, daemon is killed by SIGSYS. Because the attempt is made by process with RLIMIT_NOFILE, the correct fix would be to test if we can open a new fd in pam. Anyway I would say the risc is small, and other socket syscalls are disabled. Fixes: https://bugzilla.novell.com/show_bug.cgi?id=786024 Index: vsftpd-3.0.5/seccompsandbox.c =================================================================== --- vsftpd-3.0.5.orig/seccompsandbox.c 2022-02-02 11:03:38.133860169 +0100 +++ vsftpd-3.0.5/seccompsandbox.c 2022-02-02 11:03:38.177859528 +0100 @@ -366,6 +366,15 @@ seccomp_sandbox_init() { bug("bad state in seccomp_sandbox_init"); } + + //this is very probably an attempt to open /dev/log + //it fails because process cannot open any file, so it might be safe + //socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = -1 EMFILE (Too many open files) + allow_nr_3_arg_match(__NR_socket, + 1, PF_FILE, + 2, SOCK_DGRAM | SOCK_CLOEXEC, + 3, 0); + } void
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor