diff options
Diffstat (limited to 'external/meta-openembedded/meta-networking/recipes-daemons/vsftpd')
3 files changed, 47 insertions, 44 deletions
diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch new file mode 100644 index 00000000..7573c967 --- /dev/null +++ b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch @@ -0,0 +1,46 @@ +From dd353303f62d1dfe32cb000e482616b021708fbe Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Thu, 29 Nov 2018 00:47:34 -0800 +Subject: [PATCH] vsftpd: allow syscalls in the seccomp sandbox + +* Allow sysinfo() and getdents64 in the seccomp + sandbox otherwise comes below OOPS: priv_sock_get_cmd + as the syscall sysinfo() and getdents64 not allowed + +root@qemux86-64:~# tnftp 192.168.1.1 +Connected to 192.168.1.1. +220 (vsFTPd 3.0.3) +Name (192.168.1.1:root): anonymous +331 Please specify the password. +Password: +230 Login successful. +Remote system type is UNIX. +Using binary mode to transfer files. +ftp> prompt +Interactive mode off. +ftp> mget small* +OOPS: priv_sock_get_cmd + +Upstream-Status: Pending + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + seccompsandbox.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/seccompsandbox.c b/seccompsandbox.c +index 2c350a9..377c50e 100644 +--- a/seccompsandbox.c ++++ b/seccompsandbox.c +@@ -409,6 +409,8 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) + allow_nr(__NR_getcwd); + allow_nr(__NR_chdir); + allow_nr(__NR_getdents); ++ allow_nr(__NR_getdents64); ++ allow_nr(__NR_sysinfo); + /* Misc */ + allow_nr(__NR_umask); + +-- +2.17.1 + diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch deleted file mode 100644 index c6c0f80a..00000000 --- a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.3/0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9c4826c19f04da533886209361a2caddf582d65c Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Tue, 6 Sep 2016 17:17:44 +0800 -Subject: [PATCH] vsftpd: allow sysinfo() in the seccomp sandbox - -Upstream-Status: Pending - -* Allow sysinfo() in the seccomp sandbox otherwise - comes below OOPS: priv_sock_get_cmd as the syscall - sysinfo() not allowed - -tnftp 192.168.1.1 -Connected to 192.168.1.1. -220 (vsFTPd 3.0.3) -Name (192.168.1.1:root): anonymous -331 Please specify the password. -Password: -230 Login successful. -Remote system type is UNIX. -Using binary mode to transfer files. -ftp> prompt -Interactive mode off. -ftp> mget small* -OOPS: priv_sock_get_cmd - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> - ---- - seccompsandbox.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/seccompsandbox.c b/seccompsandbox.c -index 2c350a9..67d9ca5 100644 ---- a/seccompsandbox.c -+++ b/seccompsandbox.c -@@ -409,6 +409,7 @@ seccomp_sandbox_setup_postlogin(const struct vsf_session* p_sess) - allow_nr(__NR_getcwd); - allow_nr(__NR_chdir); - allow_nr(__NR_getdents); -+ allow_nr(__NR_sysinfo); - /* Misc */ - allow_nr(__NR_umask); - diff --git a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb index 2e3e0e88..df0d7f45 100644 --- a/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb +++ b/external/meta-openembedded/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.3.bb @@ -18,7 +18,7 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ file://volatiles.99_vsftpd \ file://vsftpd.service \ file://vsftpd-2.1.0-filter.patch \ - file://0001-vsftpd-allow-sysinfo-in-the-seccomp-sandbox.patch \ + file://0001-vsftpd-allow-syscalls-in-the-seccomp-sandbox.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)} \ file://0001-sysdeputil.c-Fix-with-musl-which-does-not-have-utmpx.patch \ |