upstream commit

add getpid to sandbox, reachable by grace_alarm_handler

reported by Jakub Jelen; bz#2419

Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
This commit is contained in:
djm@openbsd.org 2015-06-29 22:35:12 +00:00 committed by Damien Miller
parent 78c2a4f883
commit 512caddf59
2 changed files with 5 additions and 1 deletions

View File

@ -141,6 +141,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_exit_group
SC_ALLOW(exit_group),
#endif
#ifdef __NR_getpgid
SC_ALLOW(getpgid),
#endif
#ifdef __NR_getpid
SC_ALLOW(getpid),
#endif

View File

@ -1,4 +1,4 @@
/* $OpenBSD: sandbox-systrace.c,v 1.15 2015/05/18 15:06:05 deraadt Exp $ */
/* $OpenBSD: sandbox-systrace.c,v 1.16 2015/06/29 22:35:12 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@ -61,6 +61,7 @@ static const struct sandbox_policy preauth_policy[] = {
{ SYS___sysctl, SYSTR_POLICY_PERMIT },
#endif
{ SYS_getpid, SYSTR_POLICY_PERMIT },
{ SYS_getpgid, SYSTR_POLICY_PERMIT },
{ SYS_gettimeofday, SYSTR_POLICY_PERMIT },
{ SYS_madvise, SYSTR_POLICY_PERMIT },
{ SYS_mmap, SYSTR_POLICY_PERMIT },