https://bugzilla.mindrot.org/show_bug.cgi?id=2142
--- Comment #8 from Mike Frysinger <[email protected]> --- Comment on attachment 2563 --> https://bugzilla.mindrot.org/attachment.cgi?id=2563 libseccomp patch v2 >+static int >+seccomp_add_secondary_archs(scmp_filter_ctx *c) >+{ >+#if defined(__i386__) || defined(__x86_64__) >+ int r; >+ r = seccomp_arch_add(c, SCMP_ARCH_X86); >+ if (r < 0 && r != -EEXIST) >+ return r; >+ r = seccomp_arch_add(c, SCMP_ARCH_X86_64); >+ if (r < 0 && r != -EEXIST) >+ return r; >+ r = seccomp_arch_add(c, SCMP_ARCH_X32); >+ if (r < 0 && r != -EEXIST) >+ return r; >+#endif >+ return 0; >+} i don't think this is correct. there's no reason to permit alternative ABIs from the one you're currently executing as. x86/32bit should only permit the X86 ABI, x86_64/64bit should only permit the X86_64 ABI, and x86_64/32bit should only permit the X32 ABI. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
