From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-842493-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8D66713888F for <garchives@archives.gentoo.org>; Mon, 26 Oct 2015 04:35:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E8544E0802; Mon, 26 Oct 2015 04:35:25 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 88559E0802 for <gentoo-commits@lists.gentoo.org>; Mon, 26 Oct 2015 04:35:25 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 56D90340702 for <gentoo-commits@lists.gentoo.org>; Mon, 26 Oct 2015 04:35:18 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8BD411712 for <gentoo-commits@lists.gentoo.org>; Mon, 26 Oct 2015 04:35:13 +0000 (UTC) From: "Mike Frysinger" <vapier@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" <vapier@gentoo.org> Message-ID: <1445833348.353a328d1dc503bb2952f6c37b0fe6ad47fc5478.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: security.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: 353a328d1dc503bb2952f6c37b0fe6ad47fc5478 X-VCS-Branch: master Date: Mon, 26 Oct 2015 04:35:13 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: dee250b8-96e4-4c39-8354-08e013364528 X-Archives-Hash: 3e471d5475344022b0db564f44e61900 commit: 353a328d1dc503bb2952f6c37b0fe6ad47fc5478 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Mon Oct 26 04:22:28 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Mon Oct 26 04:22:28 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=353a328d security: whitelist the getcwd syscall This might be run by the sandbox. Reported-by: Markus Oehme <oehme.markus <AT> gmx.de> URL: https://bugs.gentoo.org/562206 security.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security.c b/security.c index 8776a80..ba74bee 100644 --- a/security.c +++ b/security.c @@ -131,6 +131,7 @@ static void pax_seccomp_init(bool allow_forking) /* Syscalls listed because of sandbox. */ SCMP_SYS(readlink), + SCMP_SYS(getcwd), /* Syscalls listed because of fakeroot. */ SCMP_SYS(msgget),