faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nts: move loading of syscall filter in NTS-KE server

Browse source 
Load the filter after NKS_Initialise() to avoid hitting
a fcntl syscall.

Fixes: 66e097e3e6 ("nts: improve NTS-KE server/client code")
This commit is contained in:
Miroslav Lichvar 2020-07-27 09:56:53 +02:00
parent 72bf3d26eb
commit be503bbcf6
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nts_ke_server.c
View file

@ -641,12 +641,12 @@ run_helper(uid_t uid, gid_t gid, int scfilter_level)
if (!geteuid() && (uid || gid)) if (!geteuid() && (uid || gid))
SYS_DropRoot(uid, gid); SYS_DropRoot(uid, gid);
NKS_Initialise();
UTI_SetQuitSignalsHandler(helper_signal, 1); UTI_SetQuitSignalsHandler(helper_signal, 1);
if (scfilter_level != 0) if (scfilter_level != 0)
SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER); SYS_EnableSystemCallFilter(scfilter_level, SYS_NTSKE_HELPER);
NKS_Initialise();
SCH_MainLoop(); SCH_MainLoop();
DEBUG_LOG("Helper exiting"); DEBUG_LOG("Helper exiting");