File: 0015-disable-clone-newpid.patch

vsftpd 3.0.5-0.2
  • area: main
  • in suites: trixie
  • size: 2,636 kB
  • sloc: ansic: 16,810; sh: 251; makefile: 51; python: 18
Author: Michal Vyskocil <mvyskocil@suse.cz>
Description: Drop CLONE_NEWPID from clone call
 The kernel audit system prohibits processes created with CLONE_NEWPID, so an
 attempt to log in to the FTP server ends with
 .
   audit_log_acct_message() failed: Operation not permitted
 .
 https://bugzilla.novell.com/show_bug.cgi?id=786024#c38

diff -Naurp vsftpd.orig/sysdeputil.c vsftpd/sysdeputil.c
--- vsftpd.orig/sysdeputil.c
+++ vsftpd/sysdeputil.c
@@ -1303,7 +1303,7 @@ vsf_sysutil_fork_isolate_all_failok()
   if (cloneflags_work)
   {
     int ret = syscall(__NR_clone,
-                      CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
+                      CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
                       NULL);
     if (ret != -1 || (errno != EINVAL && errno != EPERM))
     {
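Review bot: Removing `CLONE_NEWPID` from this `syscall` is unconditional, so the forked child now shares the parent's PID namespace on every system, not only those where the audit failure occurs; the same applies to the `vsf_sysutil_fork_isolate_failok()` hunk below. Nothing in the new code records this, and both function names still say "isolate", so I would add a comment above each call such as `/* CLONE_NEWPID deliberately omitted: audit_log_acct_message() fails with EPERM in a new PID namespace */`. With the PID namespace gone, the session process is separated from other processes only by the remaining layers (presumably privilege drop, chroot and the seccomp filter, where enabled), which is worth stating in the patch description so administrators can confirm those are active. Both function bodies continue outside their hunks.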
@@ -1326,7 +1326,7 @@ vsf_sysutil_fork_isolate_failok()
   static int cloneflags_work = 1;
   if (cloneflags_work)
   {
-    int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
+    int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL);
     if (ret != -1 || (errno != EINVAL && errno != EPERM))
     {
       if (ret == 0)