From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
    by finch.gentoo.org (Postfix) with ESMTP id 54141139BC8
    for ; Sat, 19 Sep 2015 06:27:14 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
    by pigeon.gentoo.org (Postfix) with SMTP id 94200E089E;
    Sat, 19 Sep 2015 06:27:12 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
    (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by pigeon.gentoo.org (Postfix) with ESMTPS id 2F63FE089E
    for ; Sat, 19 Sep 2015 06:27:12 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
    (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by smtp.gentoo.org (Postfix) with ESMTPS id 05931340ACE
    for ; Sat, 19 Sep 2015 06:27:10 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
    by oystercatcher.gentoo.org (Postfix) with ESMTP id 47FF518C
    for ; Sat, 19 Sep 2015 06:27:08 +0000 (UTC)
From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1442639326.1f7a936b5cd7673275540ef73fdeb29fba821a15.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: security.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: 1f7a936b5cd7673275540ef73fdeb29fba821a15 X-VCS-Branch: master Date: Sat, 19 Sep 2015 06:27:08 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: cb26404e-7335-4f8b-915e-78a988faeb6d X-Archives-Hash: cac39b4235c597cc082e4f9a9e039c93 commit: 1f7a936b5cd7673275540ef73fdeb29fba821a15 Author: Mike Frysinger gentoo org> AuthorDate: Sat Sep 19 05:08:46 2015 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Sat Sep 19 05:08:46 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f7a936b security: whitelist the futex syscall When building with openmp, often libpthread is linked in and code automatically generated using it. That means lower mutexes end up calling the futex syscall. This isn't just when pax-utils is built with openmp, but it also applies when libraries it links with are built with openmp. Reported-by: florianmey gmx.de URL: https://bugs.gentoo.org/559814 security.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security.c b/security.c index da881e8..af06dcb 100644 --- a/security.c +++ b/security.c @@ -123,6 +123,9 @@ static void pax_seccomp_init(bool allow_forking) SCMP_SYS(_llseek), SCMP_SYS(mprotect), + /* Syscalls listed because of compiler settings. */ + SCMP_SYS(futex), + /* Syscalls listed because of sandbox. */ SCMP_SYS(readlink),
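Review bot: The comment above SCMP_SYS(futex) in pax_seccomp_init(), "Syscalls listed because of compiler settings", does not say which settings or why, so a later reader auditing the seccomp allow list cannot tell when the entry is still needed or whether it can be dropped. The commit message carries the actual reason (OpenMP pulling in libpthread, whose mutexes call futex, including when only a linked library was built with OpenMP); consider moving that into the comment together with the bug reference, for example "/* futex: libpthread mutexes via OpenMP, in pax-utils or its libraries (bug 559814). */". The entry is also added unconditionally, with no visible restriction tied to the build or to the allow_forking parameter, so it widens the filter for every build; that matches the linked-library case the commit message describes, but it is worth saying in the comment that the broad allowance is intentional.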