f2c3d6e19a
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-4.3p2-askpass-grab-info.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.1p1-askpass-progress.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.8p2-sigpipe.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.9p1-ipv6man.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.3p1-ctr-evp-fast.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.4p1-fromto-remote.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-log-in-chroot.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-scp-non-existing-directory.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-selinux-contexts.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-allow-ip-opts.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-force_krb.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-GSSAPIEnablek5users.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-keycat.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-keyperm.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-kuserok.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-privsep-selinux.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.7p1-coverity.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.7p1-sftp-force-permission.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.8p1-sshdT-output.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.1p2-audit-race-condition.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-k5login_directory.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-s390-closefrom.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-x11.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.3p1-x11-max-displays.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.4p1-systemd.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.5p1-sandbox.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.6p1-audit.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.6p1-cleanup-selinux.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1-fips.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1-gssapi-new-unique.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-role-mls.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-scp-ipv6.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-UsePAM-warning.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-crypto-policies.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-gssapi-keyex.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-keygen-strip-doseol.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-openssl-evp.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-openssl-kdf.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-pkcs11-uri.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-preserve-pam-errors.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.2p1-visibility.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.2p1-x11-without-ipv6.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.7p1-scp-kill-switch.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.2-compat.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.2-dereference.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.3-seteuid.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.2-visibility.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.3-agent_structure.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.3-build.patch
55 lines
1.8 KiB
Diff
55 lines
1.8 KiB
Diff
Zseries only: Leave the hardware filedescriptors open.
|
|
|
|
All filedescriptors above 2 are getting closed when a new
|
|
sshd process to handle a new client connection is
|
|
spawned. As the process also chroot into an empty filesystem
|
|
without any device nodes, there is no chance to reopen the
|
|
files. This patch filters out the reqired fds in the
|
|
closefrom function so these are skipped in the close loop.
|
|
|
|
Author: Harald Freudenberger <freude@de.ibm.com>
|
|
|
|
---
|
|
openbsd-compat/bsd-closefrom.c | 26 ++++++++++++++++++++++++++
|
|
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-7.2p2-s390-closefrom.patch
|
|
1 file changed, 26 insertions(+)
|
|
|
|
--- a/openbsd-compat/bsd-closefrom.c
|
|
+++ b/openbsd-compat/bsd-closefrom.c
|
|
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-7.2p2-s390-closefrom.patch
|
|
@@ -82,7 +82,33 @@ closefrom(int lowfd)
|
|
fd = strtol(dent->d_name, &endp, 10);
|
|
if (dent->d_name != endp && *endp == '\0' &&
|
|
fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
|
|
+#ifdef __s390__
|
|
+ {
|
|
+ /*
|
|
+ * the filedescriptors used to communicate with
|
|
+ * the device drivers to provide hardware support
|
|
+ * should survive. HF <freude@de.ibm.com>
|
|
+ */
|
|
+ char fpath[PATH_MAX], lpath[PATH_MAX];
|
|
+ len = snprintf(fpath, sizeof(fpath), "%s/%s",
|
|
+ fdpath, dent->d_name);
|
|
+ if (len > 0 && (size_t)len <= sizeof(fpath)) {
|
|
+ len = readlink(fpath, lpath, sizeof(lpath));
|
|
+ if (len > 0) {
|
|
+ lpath[len] = 0;
|
|
+ if (strstr(lpath, "dev/z90crypt")
|
|
+ || strstr(lpath, "dev/zcrypt")
|
|
+ || strstr(lpath, "dev/prandom")
|
|
+ || strstr(lpath, "dev/shm/icastats"))
|
|
+ fd = -1;
|
|
+ }
|
|
+ }
|
|
+ if (fd >= 0)
|
|
+ (void) close((int) fd);
|
|
+ }
|
|
+#else
|
|
(void) close((int) fd);
|
|
+#endif
|
|
}
|
|
(void) closedir(dirp);
|
|
return;
|
|
|