authorMike Frysinger <vapier@gentoo.org>2016-02-10 13:51:40 -0500
committerMike Frysinger <vapier@gentoo.org>2016-02-10 13:51:40 -0500
commit636c3d42a64a248945ca4c68f5fef605cc55f423 (patch)
treefd91e644584bfa13cfe91dd54947a3f6e1a124b2
parentlddtree: handle exceptions thrown when parsing other ELFs (diff)
security: allow more read/write syscalls
Some C libraries might use these functions in different ways. Since they are fairly harmless to use, just whitelist all the read/write variants. URL: https://bugs.gentoo.org/571128 Reported-by: Vladimir Lushnikov <vladimir@vladimir.lu> Reported-by: Mias van Klei <miasvanklei@gmail.com>
-rw-r--r--security.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/security.c b/security.c
index ba74bee..b635ccf 100644
--- a/security.c
+++ b/security.c
@@ -72,6 +72,9 @@ static void pax_seccomp_init(bool allow_forking)
int base_syscalls[] = {
/* We write the most w/scanelf. */
SCMP_SYS(write),
+ SCMP_SYS(writev),
+ SCMP_SYS(pwrite64),
+ SCMP_SYS(pwritev),
/* Then the stat family of functions. */
SCMP_SYS(newfstatat),
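Review bot: The three entries added after `SCMP_SYS(write)` carry no comment saying why they are allowed, and the existing comment "We write the most w/scanelf." now reads as if it covered them; the same holds for `SCMP_SYS(readv)` and `SCMP_SYS(preadv)` in the second hunk. A one-line comment such as `/* Some C libraries route plain reads/writes through the vectored/positional variants (Gentoo bug 571128). */` would keep the reason next to the allowlist. No argument filter is visible in this hunk, so if these rules are unconditional, `pwrite64` and `pwritev` permit writes at any offset on any descriptor already open for writing; that is worth confirming against the code that opens files, and if the bug only needed `writev`/`readv`, the positional variants could be left out. The body of `pax_seccomp_init` continues outside the hunk.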
@@ -102,6 +105,8 @@ static void pax_seccomp_init(bool allow_forking)
/* Then the file reading functions. */
SCMP_SYS(pread64),
SCMP_SYS(read),
+ SCMP_SYS(readv),
+ SCMP_SYS(preadv),
/* Then the fd manipulation functions. */
SCMP_SYS(fcntl),