summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/sandbox-systrace.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/sandbox-systrace.c')
-rw-r--r--crypto/openssh/sandbox-systrace.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/crypto/openssh/sandbox-systrace.c b/crypto/openssh/sandbox-systrace.c
index 6706c9a..aaa3d8f 100644
--- a/crypto/openssh/sandbox-systrace.c
+++ b/crypto/openssh/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.9 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.13 2014/07/17 00:10:56 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
@@ -52,7 +52,17 @@ struct sandbox_policy {
static const struct sandbox_policy preauth_policy[] = {
{ SYS_open, SYSTR_POLICY_NEVER },
+#ifdef SYS_getentropy
+ /* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
+ { SYS_getentropy, SYSTR_POLICY_PERMIT },
+#else
+ /* Previous releases used sysctl(3)'s kern.arnd variable. */
{ SYS___sysctl, SYSTR_POLICY_PERMIT },
+#endif
+
+#ifdef SYS_sendsyslog
+ { SYS_sendsyslog, SYSTR_POLICY_PERMIT },
+#endif
{ SYS_close, SYSTR_POLICY_PERMIT },
{ SYS_exit, SYSTR_POLICY_PERMIT },
{ SYS_getpid, SYSTR_POLICY_PERMIT },
OpenPOWER on IntegriCloud