diff options
author | Carlos Garnacho <carlosg@gnome.org> | 2016-12-17 15:45:21 +0100 |
---|---|---|
committer | Carlos Garnacho <carlosg@gnome.org> | 2017-01-19 11:37:45 +0100 |
commit | a9d09d9539ae06e66840d96bc4553e883bed2072 (patch) | |
tree | 4e0802fa436908e992bd00ceae07fe154633fec1 | |
parent | 87fa852eecddeb6cc1d20a6cf5eb61764d9201d3 (diff) | |
download | tracker-a9d09d9539ae06e66840d96bc4553e883bed2072.tar.gz |
libtracker-common: Whitelist dup/dup2/dup3
dup2/3 have special requirements, as they can close underlying
fds, they are not allowed on stdin/out/err.
-rw-r--r-- | src/libtracker-common/tracker-seccomp.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c index e00fe1494..c46dfa6af 100644 --- a/src/libtracker-common/tracker-seccomp.c +++ b/src/libtracker-common/tracker-seccomp.c @@ -129,6 +129,7 @@ tracker_seccomp_init (void) ALLOW_RULE (fadvise64); ALLOW_RULE (write); ALLOW_RULE (writev); + ALLOW_RULE (dup); /* Needed by some GStreamer modules doing crazy stuff, less * scary thanks to the restriction below about sockets being * local. @@ -179,6 +180,14 @@ tracker_seccomp_init (void) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) goto out; + /* Special requirements for dup2/dup3, no fiddling with stdin/out/err */ + if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1, + SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0) + goto out; + if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1, + SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0) + goto out; + g_debug ("Loading seccomp rules."); if (seccomp_load (ctx) >= 0) |