[Bug 2142] openssh sandboxing using libseccomp
bugzilla-daemon at mindrot.org
Sat Mar 7 01:26:00 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
Steven Noonan <steven at uplinklabs.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |steven at uplinklabs.net
         Resolution|WONTFIX                     |---
             Status|RESOLVED                    |REOPENED
--- Comment #6 from Steven Noonan <steven at uplinklabs.net> ---
I'd like to reopen this because there's now a reason to implement this
change. A build of portable OpenSSH with the x32 ABI (gcc -mx32) on
x86_64 doesn't work correctly with the seccomp_filter sandbox.

With libseccomp I'm able to do seccomp_arch_add for SCMP_ARCH_X86_64
and SCMP_ARCH_X32 -- which is sufficient to unbreak things.

I'm attaching an updated patch which is a bit smaller and cleaner than
the previous version, and contains an array of syscall rules similar to
the one in sandbox-seccomp-filter.c. This reduces code size by a fair
amount.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
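
Added illustration (not part of the bug comment, and not OpenSSH or libseccomp code): a user-space model of the decision a syscall filter makes when it covers only x86_64 versus both x86_64 and x32. It relies on two kernel facts: both ABIs report AUDIT_ARCH_X86_64, and x32 syscall numbers carry __X32_SYSCALL_BIT. The allow-list, the MODEL_* names and filter_decide() are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values match the Linux UAPI headers; redefined so the model is self-contained. */
#define MODEL_AUDIT_ARCH_X86_64 0xC000003Eu  /* reported for x86_64 and x32 alike */
#define MODEL_X32_SYSCALL_BIT   0x40000000u  /* set in every x32 syscall number */

enum abi { ABI_X86_64 = 1, ABI_X32 = 2 };    /* bit flags: ABIs the filter covers */
enum verdict { V_KILL = 0, V_ALLOW = 1 };

/* Constructed allow-list: one row per syscall, with its number in each ABI. */
struct rule { const char *name; uint32_t nr_x86_64; uint32_t nr_x32; };
static const struct rule rules[] = {
    { "read",       0,   MODEL_X32_SYSCALL_BIT | 0 },
    { "write",      1,   MODEL_X32_SYSCALL_BIT | 1 },
    { "ioctl",      16,  MODEL_X32_SYSCALL_BIT | 514 },  /* x32 uses its own number */
    { "exit_group", 231, MODEL_X32_SYSCALL_BIT | 231 },
};

/* Decide one syscall: check the arch token, pick the ABI, then match the table. */
enum verdict filter_decide(unsigned abis, uint32_t arch, uint32_t nr)
{
    if (arch != MODEL_AUDIT_ARCH_X86_64)
        return V_KILL;                       /* foreign architecture */
    enum abi caller = (nr & MODEL_X32_SYSCALL_BIT) ? ABI_X32 : ABI_X86_64;
    if (!(abis & caller))
        return V_KILL;                       /* ABI was never added to the filter */
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        uint32_t want = (caller == ABI_X32) ? rules[i].nr_x32 : rules[i].nr_x86_64;
        if (nr == want)
            return V_ALLOW;
    }
    return V_KILL;                           /* default action */
}

int main(void)
{
    uint32_t x32_read = MODEL_X32_SYSCALL_BIT | 0;
    printf("x32 read, x86_64-only filter: %s\n",
           filter_decide(ABI_X86_64, MODEL_AUDIT_ARCH_X86_64, x32_read) ? "allow" : "kill");
    printf("x32 read, both ABIs added:    %s\n",
           filter_decide(ABI_X86_64 | ABI_X32, MODEL_AUDIT_ARCH_X86_64, x32_read) ? "allow" : "kill");
    return 0;
}
```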