From be503bbcf6b003e7e0cf7c1dcfeaef42ce58e350 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 27 Jul 2020 09:56:53 +0200 Subject: [PATCH] nts: move loading of syscall filter in NTS-KE server Load the filter after NKS_Initialise() to avoid hitting a fcntl syscall. Fixes: 66e097e3e644 ("nts: improve NTS-KE server/client code") --- nts_ke_server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nts_ke_server.c b/nts_ke_server.c index 1049da0..67500f4 100644 --- a/nts_ke_server.c +++ b/nts_ke_server.c @@ -641,12 +641,12 @@ run_helper(uid_t uid, gid_t gid, int scfilter_level) if (!geteuid() && (uid || gid)) SYS_DropRoot(uid, gid); + NKS_Initialise(); + UTI_SetQuitSignalsHandler(helper_signal, 1); if (scfilter_level != 0) SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER); - NKS_Initialise(); - SCH_MainLoop(); DEBUG_LOG("Helper exiting");