Subject: Allow only the ioctls we use (Shankara Pailoor)
Origin: FILE5_37-29-gfa46ca9d
Upstream-Author: Christos Zoulas
Date: Fri Jun 21 16:44:23 2019 +0000
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -33,6 +33,7 @@
 #if HAVE_LIBSECCOMP
 #include /* libseccomp */
 #include /* prctl */
+#include
 #include
 #include
 #include
@@ -49,8 +50,14 @@
 		goto out; \
 	while (/*CONSTCOND*/0)
 
-static scmp_filter_ctx ctx;
+#define ALLOW_IOCTL_RULE(param) \
+	do \
+		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, \
+		    SCMP_CMP(1, SCMP_CMP_EQ, param)) == -1) \
+			goto out; \
+	while (/*CONSTCOND*/0)
+
+static scmp_filter_ctx ctx;
 
 int
 enable_sandbox_basic(void)
@@ -171,7 +178,14 @@
 #ifdef __NR_getdents64
 	ALLOW_RULE(getdents64);
 #endif
-	ALLOW_RULE(ioctl);
+#ifdef FIONREAD
+	// called in src/compress.c under sread
+	ALLOW_IOCTL_RULE(FIONREAD);
+#endif
+#ifdef TIOCGWINSZ
+	// musl libc may call ioctl TIOCGWINSZ when calling stdout
+	ALLOW_IOCTL_RULE(TIOCGWINSZ);
+#endif
 	ALLOW_RULE(lseek);
 	ALLOW_RULE(_llseek);
 	ALLOW_RULE(lstat);
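Review bot: `ALLOW_IOCTL_RULE` compares the full 64-bit syscall argument 1 against `param` with `SCMP_CMP_EQ`, so on ABIs where an ioctl request macro ends up with bit 31 set (some `_IOR`/`_IOW` encodings), whether the rule matches may depend on how the caller's `unsigned long` request and the filter's `param` are sign- or zero-extended; restricting the comparison to the low 32 bits sidesteps that, e.g. `SCMP_CMP(1, SCMP_CMP_MASKED_EQ, 0xffffffffULL, param)`. The macro also relies on the file-scope `ctx` and an `out` label at every expansion site, exactly as `ALLOW_RULE` does, but unlike its sibling it has no comment saying so; a header such as `/* Allow ioctl(2) only when its request (arg 1) equals param; needs ctx and an out: label at the use site, like ALLOW_RULE. */` would make the contract explicit. The `ALLOW_RULE` definition and the users of both macros lie outside this hunk.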
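Review bot: With the blanket `ALLOW_RULE(ioctl)` gone, every ioctl request other than `FIONREAD` and `TIOCGWINSZ` now falls through to the filter's default action (presumably set in the `seccomp_init` call outside this hunk), so call paths that the old rule covered silently need auditing; glibc implements isatty(3) with `TCGETS`, for instance, so any sandboxed code that probes a tty that way would now be terminated rather than allowed. The `TIOCGWINSZ` comment does not say when the call happens; musl's stdio issues it on the first write to stdout to decide whether to line-buffer, so `// musl stdio probes stdout with TIOCGWINSZ on its first write to choose line buffering` tells the reader what is actually being permitted. enable_sandbox_basic starts and ends outside the hunk.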