Inital commit
This commit is contained in:
commit
74c2d3a9a4
|
@ -0,0 +1,104 @@
|
|||
From f61e588cef7152d219151b2a3b644362de9a0af4 Mon Sep 17 00:00:00 2001
|
||||
From: root <root@artificer.my.domain>
|
||||
Date: Sat, 16 May 2020 21:27:26 -0400
|
||||
Subject: [PATCH] Patches needed to run luajit
|
||||
|
||||
---
|
||||
src/http.c | 2 +-
|
||||
src/keymgr.c | 5 ++++-
|
||||
src/seccomp.c | 18 ++++++++++++++++--
|
||||
3 files changed, 21 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/http.c b/src/http.c
|
||||
index 82f5992..71785f1 100644
|
||||
--- a/src/http.c
|
||||
+++ b/src/http.c
|
||||
@@ -1017,7 +1017,7 @@ http_argument_urldecode(char *arg)
|
||||
if (err != KORE_RESULT_OK)
|
||||
return (err);
|
||||
|
||||
- if (v <= 0x1f || v == 0x7f)
|
||||
+ if ((v <= 0x1f && v != '\n' && v != '\r') || v == 0x7f)
|
||||
return (KORE_RESULT_ERROR);
|
||||
|
||||
*in++ = (char)v;
|
||||
diff --git a/src/keymgr.c b/src/keymgr.c
|
||||
index f20580b..a23d815 100644
|
||||
--- a/src/keymgr.c
|
||||
+++ b/src/keymgr.c
|
||||
@@ -81,7 +81,7 @@ static struct sock_filter filter_keymgr[] = {
|
||||
KORE_SYSCALL_ALLOW(lseek),
|
||||
KORE_SYSCALL_ALLOW(write),
|
||||
KORE_SYSCALL_ALLOW(close),
|
||||
- KORE_SYSCALL_ALLOW(stat),
|
||||
+ KORE_SYSCALL_ALLOW(statx),
|
||||
KORE_SYSCALL_ALLOW(fstat),
|
||||
KORE_SYSCALL_ALLOW(futex),
|
||||
KORE_SYSCALL_ALLOW(writev),
|
||||
@@ -99,6 +99,9 @@ static struct sock_filter filter_keymgr[] = {
|
||||
KORE_SYSCALL_ALLOW(recvfrom),
|
||||
#if defined(SYS_epoll_wait)
|
||||
KORE_SYSCALL_ALLOW(epoll_wait),
|
||||
+#endif
|
||||
+#if defined(SYS_epoll_ctl)
|
||||
+ KORE_SYSCALL_ALLOW(epoll_ctl),
|
||||
#endif
|
||||
KORE_SYSCALL_ALLOW(epoll_pwait),
|
||||
|
||||
diff --git a/src/seccomp.c b/src/seccomp.c
|
||||
index 505ac0b..bc04b67 100644
|
||||
--- a/src/seccomp.c
|
||||
+++ b/src/seccomp.c
|
||||
@@ -55,18 +55,29 @@ static struct sock_filter filter_kore[] = {
|
||||
KORE_SYSCALL_ALLOW(open),
|
||||
#endif
|
||||
KORE_SYSCALL_ALLOW(read),
|
||||
+#if defined(SYS_readv)
|
||||
+ KORE_SYSCALL_ALLOW(readv),
|
||||
+#endif
|
||||
#if defined(SYS_stat)
|
||||
KORE_SYSCALL_ALLOW(stat),
|
||||
#endif
|
||||
+#if defined(SYS_statx)
|
||||
+ KORE_SYSCALL_ALLOW(statx),
|
||||
+#endif
|
||||
#if defined(SYS_lstat)
|
||||
KORE_SYSCALL_ALLOW(lstat),
|
||||
#endif
|
||||
KORE_SYSCALL_ALLOW(fstat),
|
||||
+ KORE_SYSCALL_ALLOW(fchown),
|
||||
KORE_SYSCALL_ALLOW(write),
|
||||
KORE_SYSCALL_ALLOW(fcntl),
|
||||
KORE_SYSCALL_ALLOW(lseek),
|
||||
KORE_SYSCALL_ALLOW(close),
|
||||
KORE_SYSCALL_ALLOW(openat),
|
||||
+ KORE_SYSCALL_ALLOW(newfstatat),
|
||||
+ KORE_SYSCALL_ALLOW(unlinkat),
|
||||
+ KORE_SYSCALL_ALLOW(fsync),
|
||||
+ KORE_SYSCALL_ALLOW(fdatasync),
|
||||
#if defined(SYS_access)
|
||||
KORE_SYSCALL_ALLOW(access),
|
||||
#endif
|
||||
@@ -87,14 +98,17 @@ static struct sock_filter filter_kore[] = {
|
||||
KORE_SYSCALL_ALLOW(geteuid),
|
||||
KORE_SYSCALL_ALLOW(exit_group),
|
||||
KORE_SYSCALL_ALLOW(nanosleep),
|
||||
+ KORE_SYSCALL_ALLOW(clone),
|
||||
+ KORE_SYSCALL_ALLOW(wait4),
|
||||
|
||||
/* Memory related. */
|
||||
KORE_SYSCALL_ALLOW(brk),
|
||||
KORE_SYSCALL_ALLOW(munmap),
|
||||
+ KORE_SYSCALL_ALLOW(pipe2),
|
||||
|
||||
/* Deny mmap/mprotect calls with PROT_EXEC/PROT_WRITE protection. */
|
||||
- KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
|
||||
- KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
|
||||
+ //KORE_SYSCALL_DENY_WITH_FLAG(mmap, 2, PROT_EXEC | PROT_WRITE, EINVAL),
|
||||
+ //KORE_SYSCALL_DENY_WITH_FLAG(mprotect, 2, PROT_EXEC, EINVAL),
|
||||
|
||||
KORE_SYSCALL_ALLOW(mmap),
|
||||
KORE_SYSCALL_ALLOW(madvise),
|
||||
--
|
||||
2.26.2
|
||||
|
Loading…
Reference in New Issue