seccomp2: Add "shutdown" to the list of permitted system calls.

We don't use this syscall, but openssl apparently does.

(This syscall puts a socket into a half-closed state. Don't worry:
It doesn't shut down the system or anything.)

Fixes bug 28183; bugfix on 0.2.5.1-alpha where the sandbox was
introduced.
Nick Mathewson 5 years ago
commit 0e5378feec
2 changed files with 5 additions and 1 deletions
  1. changes/bug28183 (+4 -0)
  2. src/common/sandbox.c (+1 -1)

+ 4 - 0
changes/bug28183

@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Permit the "shutdown()" system call, which is apparently
+      used by OpenSSL under some circumstances. Fixes bug 28183;
+      bugfix on 0.2.5.1-alpha.
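
Review bot: The changelog entry says shutdown() is "apparently used by OpenSSL under some circumstances" but gives no hint of what a user would have seen before the fix. If the triggering condition or the symptom is known from bug 28183, name it in this entry so operators running with the sandbox enabled can tell whether they were affected.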

+ 1 - 1
src/common/sandbox.c

@@ -205,6 +205,7 @@ static int filter_nopar_gen[] = {
 #ifdef __NR_setrlimit
     SCMP_SYS(setrlimit),
 #endif
+    SCMP_SYS(shutdown),
 #ifdef __NR_sigaltstack
     SCMP_SYS(sigaltstack),
 #endif
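
Review bot: The new SCMP_SYS(shutdown) line in filter_nopar_gen is added without an #ifdef __NR_shutdown guard, while the neighbouring setrlimit and sigaltstack entries are both guarded. Please either add the guard for consistency or confirm it is not needed on every supported target. Two smaller points on the same line: this list permits the call with no argument checks, and since the commit message says Tor itself does not call shutdown(), a one-line comment naming OpenSSL as the caller would help whoever next audits the allow-list.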
@@ -2013,4 +2014,3 @@ sandbox_disable_getaddrinfo_cache(void)
 {
 }
 #endif
-
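
Review bot: The removal of the trailing blank line at the end of sandbox.c is unrelated to permitting shutdown(). Since this is marked as a bugfix on 0.2.5.1-alpha, consider dropping the whitespace change from this commit so the fix stays a one-line change.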