[Bug 2590] Seccomp filter for missing architectures

bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 16 22:45:20 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2590

Joshua Kinard <kumba at gentoo.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |---
                 CC|                            |kumba at gentoo.org

--- Comment #3 from Joshua Kinard <kumba at gentoo.org> ---
(In reply to Damien Miller from comment #1)
> Patch applied - thank-you very much for doing the testing for these.
> This will be in the openssh-7.3 release.

I hate to reopen, but I found a corner case for MIPS broken by the MIPS
whitelist.  Specifically, the proposed whitelist does not account for
MIPS N32 ABI (under mips64).

Specifically:
+       mips64-*)
+               seccomp_audit_arch=AUDIT_ARCH_MIPS64
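Review bot: the mips64-*) arm picks AUDIT_ARCH_MIPS64 from the host triplet alone, so a build whose userland is N32 gets a filter keyed to the wrong architecture; the strace in this comment reports si_arch=AUDIT_ARCH_MIPS64N32 on the killed write. Suggest choosing the value from the ABI the compiler actually targets (a configure-time compile test rather than the triplet), with an arm for each endianness, and a comment beside the case stating which ABIs it covers.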

There needs to be another hook to somehow detect N32 and then set
either AUDIT_ARCH_MIPS64 (big-endian) or AUDIT_ARCH_MIPSEL64N32
(little-endian).

I believe there's a known/defined CHOST tuple to specify an N32
userland, but it's not common, so CHOST seems to be unreliable to
detect this.  I am not sure of another reasonable way to do so right
now.

Without this fix, on mips64/N32 platforms, "UsePrivilegeSeparation
sandbox" will fail and not allow a client to connect.  Per strace:

[pid  1883] prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
[pid  1883] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, filter=0x565f3920}) = 0
[pid  1883] write(3, "\0\0\3|\10\24\270\256hb<\257-\30\216\214L\301\35\230\10\233\0\0\0\324curve2"..., 896 <unfinished ...>
[pid  1883] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=NULL, si_syscall=__NR_write, si_arch=AUDIT_ARCH_MIPS64N32} ---
[pid  1883] <... write resumed> )       = -1 ERRNO_6001 (Unknown error 6001)
[pid  1883] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=NULL, si_syscall=__NR_write, si_arch=AUDIT_ARCH_MIPS64N32} ---
[pid  1882] <... poll resumed> )        = 2 ([{fd=6, revents=POLLIN|POLLHUP}, {fd=7, revents=POLLHUP}])
[pid  1883] +++ killed by SIGSYS +++
[pid  1882] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1883, si_uid=22, si_status=SIGSYS, si_utime=0, si_stime=0} ---
[pid  1882] read(7, "", 4)              = 0
[pid  1882] close(7)                    = 0
[pid  1882] poll([{fd=6, events=POLLIN}], 1, -1) = 1 ([{fd=6, revents=POLLIN|POLLHUP}])
[pid  1882] read(6, "", 4)              = 0
[pid  1882] kill(1883, SIGKILL)         = 0
[pid  1882] exit_group(255)             = ?
[pid  1882] +++ exited with 255 +++

Switching to "UsePrivilegeSeparation yes" is a workaround, but seems
suboptimal.
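
Added example, not part of the bug comment and not OpenSSH code: a small triage script that reads strace output like the trace above and separates seccomp kills caused by an architecture mismatch from kills caused by a syscall missing from the whitelist. It assumes the filter compares the reported architecture before it looks at the syscall number; the sample trace, the pid 2001 record and the function names are constructed for illustration.

```python
import re

# Constructed sample: SIGSYS records as strace prints them, some wrapped over
# several lines. The pid 2001 record is invented to show the second verdict.
SAMPLE = """\
[pid  1883] write(3, "..."..., 896 <unfinished ...>
[pid  1883] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
si_call_addr=NULL, si_syscall=__NR_write, si_arch=AUDIT_ARCH_MIPS64N32}
---
[pid  1883] +++ killed by SIGSYS +++
[pid  2001] --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP,
si_call_addr=NULL, si_syscall=__NR_socket, si_arch=AUDIT_ARCH_MIPS64} ---
"""

SIGSYS_RE = re.compile(
    r"\[pid\s+(?P<pid>\d+)\] --- SIGSYS \{[^}]*si_code=SYS_SECCOMP"
    r"[^}]*si_syscall=(?P<syscall>\w+), si_arch=(?P<arch>\w+)\}")


def unwrap(text):
    """Rejoin continuation lines: every strace record starts with '[pid'."""
    records = []
    for line in text.splitlines():
        if line.startswith("[pid") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(text, filter_arch):
    """Return sorted (pid, syscall, arch, verdict) tuples for seccomp kills.

    filter_arch is the AUDIT_ARCH_* name the filter was built with.
    Assumption: the filter rejects on architecture before checking syscalls,
    so a differing si_arch means every syscall fails, not just the one shown.
    """
    findings = set()
    for record in unwrap(text):
        m = SIGSYS_RE.search(record)
        if m:
            verdict = ("arch-mismatch" if m["arch"] != filter_arch
                       else "syscall-denied")
            findings.add((int(m["pid"]), m["syscall"], m["arch"], verdict))
    return sorted(findings)


if __name__ == "__main__":
    for pid, syscall, arch, verdict in triage(SAMPLE, "AUDIT_ARCH_MIPS64"):
        print(f"pid {pid}: {syscall} under {arch} -> {verdict}")
```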
