Google Git
Sign in
cos / third_party / overlays / portage-stable / 41516899c94db76b1748a9c159590c8c9efabcbf
commit41516899c94db76b1748a9c159590c8c9efabcbf[log] [tgz]
authorJordan R Abrahams-Whitehead <ajordanr@google.com>Tue Aug 30 18:06:48 2022 +0000
committerChromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Aug 31 23:43:03 2022 +0000
tree5883c1522946aab0969f8f6e533f5c0362d570c0
parenta3d3bfc23beb11492120d768fa8be149905b3809 [diff]
openssh: Pick upstream fix for gettid seccomp

At present, the sshd child processes limit a number of syscalls
to reduce the attack surface. One of the blocked syscalls is
gettid. However, gettid is necessary for GWP-ASan support, scudo,
and some other allocators.

Upstream has already patched a fix for the issue. This CL cherrypicks
the upstream patch, moves it under a new cherry/ directory (to mimic
our other cherrypick schemes), and applies it accordingly.

BUG=b:225008839
TEST=emerge-volteer openssh; confirmed apply

Change-Id: If9f6330824b843428fb66b975d488e9f22b645e1
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/3863239
Tested-by: Jordan Abrahams-Whitehead <ajordanr@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Jordan Abrahams-Whitehead <ajordanr@google.com>
2 files changed
tree: 5883c1522946aab0969f8f6e533f5c0362d570c0
  1. app-accessibility/
  2. app-admin/
  3. app-arch/
  4. app-benchmarks/
  5. app-cdr/
  6. app-crypt/
  7. app-doc/
  8. app-editors/
  9. app-emacs/
  10. app-emulation/
  11. app-eselect/
  12. app-misc/
  13. app-mobilephone/
  14. app-portage/
  15. app-shells/
  16. app-text/
  17. app-vim/
  18. dev-cpp/
  19. dev-db/
  20. dev-embedded/
  21. dev-haskell/
  22. dev-java/
  23. dev-lang/
  24. dev-libs/
  25. dev-perl/
  26. dev-python/
  27. dev-tcltk/
  28. dev-util/
  29. dev-vcs/
  30. eclass/
  31. games-emulation/
  32. games-util/
  33. gnome-base/
  34. gnome-extra/
  35. licenses/
  36. media-fonts/
  37. media-gfx/
  38. media-libs/
  39. media-plugins/
  40. media-sound/
  41. metadata/
  42. net-analyzer/
  43. net-dialup/
  44. net-dns/
  45. net-firewall/
  46. net-fs/
  47. net-ftp/
  48. net-libs/
  49. net-misc/
  50. net-nds/
  51. net-print/
  52. net-proxy/
  53. net-vpn/
  54. net-wireless/
  55. perl-core/
  56. profiles/
  57. sci-calculators/
  58. sci-electronics/
  59. sci-libs/
  60. sys-apps/
  61. sys-auth/
  62. sys-block/
  63. sys-boot/
  64. sys-cluster/
  65. sys-devel/
  66. sys-firmware/
  67. sys-fs/
  68. sys-libs/
  69. sys-power/
  70. sys-process/
  71. virtual/
  72. www-apps/
  73. www-servers/
  74. x11-apps/
  75. x11-base/
  76. x11-libs/
  77. x11-misc/
  78. .gitignore
  79. OWNERS
  80. OWNERS.general
  81. PRESUBMIT.cfg
  82. README