Displaying 3 results from an estimated 3 matches for "systrace_fd".
2011 Jun 22
3
sandbox pre-auth privsep child
...preauth_policy[] = {
+ SYS___sysctl,
+ SYS_close,
+ SYS_exit,
+ SYS_getpid,
+ SYS_gettimeofday,
+ SYS_madvise,
+ SYS_mmap,
+ SYS_mprotect,
+ SYS_poll,
+ SYS_munmap,
+ SYS_read,
+ SYS_select,
+ SYS_sigprocmask,
+ SYS_write,
+ -1
+};
+
+struct ssh_sandbox {
+ int child_sock;
+ int parent_sock;
+ int systrace_fd;
+ pid_t child_pid;
+ struct systrace_policy policy;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+ int s[2];
+
+ debug3("%s: preparing systrace sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1)...
2012 Dec 21
0
File Attachments for previous bug report
...memset(peer_confirm_hash, 0, peer_confirm_hash_len);
xfree(peer_confirm_hash);
buffer_clear(m);
-------------- next part --------------
--- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800
+++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800
@@ -140,7 +140,7 @@
box->systrace_fd, child_pid, strerror(errno));
/* Allocate and assign policy */
- bzero(&policy, sizeof(policy));
+ memset(&policy, 0, sizeof(policy));
policy.strp_op = SYSTR_POLICY_NEW;
policy.strp_maxents = SYS_MAXSYSCALL;
if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
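Review bot: The existing comment `/* Allocate and assign policy */` above the changed line does not say why `policy` is cleared, and the clear matters because the struct is passed to the kernel by address in `ioctl(box->systrace_fd, STRIOCPOLICY, &policy)` after only `strp_op` and `strp_maxents` are set in the visible lines. I would extend the comment to something like `/* Allocate and assign policy; zero the whole struct first, it is handed to the kernel via ioctl */` so the `memset()` is not later trimmed to per-field assignments that leave other bytes uninitialised. The new call has its arguments in the right order (fill value `0`, then `sizeof(policy)`), so the replacement is equivalent to the `bzero()` it removes. The enclosing function, including the body of the `ioctl()` failure branch, lies outside the hunk; the same hunk is quoted again, cut short, in the 2012 Dec 20 result further down.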
--...
2012 Dec 20
4
Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
...', I've replaced the bzero() call with
the equivalent memset() call. The patch file is below in
(diff -u) format:
--- sandbox-systrace.c.orig 2012-12-19 17:27:48.258532654 -0800
+++ sandbox-systrace.c 2012-12-19 17:28:12.705825672 -0800
@@ -140,7 +140,7 @@
box->systrace_fd, child_pid, strerror(errno));
/* Allocate and assign policy */
- bzero(&policy, sizeof(policy));
+ memset(&policy, 0, sizeof(policy));
policy.strp_op = SYSTR_POLICY_NEW;
policy.strp_maxents = SYS_MAXSYSCALL;
if (ioctl(box->systrace_fd, STRIOC...