[Bug 2905] New: git: missing futex allow in sandbox seccomp filter
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 14 19:19:21 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2905
Bug ID: 2905
Summary: git: missing futex allow in sandbox seccomp filter
Product: Portable OpenSSH
Version: 7.7p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: arekm at maven.pl
I'm testing git version
commit beb9e522dc7717df08179f9e59f36b361bfa14ab (HEAD -> master,
origin/master, origin/HEAD)
Author: djm at openbsd.org <djm at openbsd.org>
Date: Fri Sep 14 05:26:27 2018 +0000
upstream: second try, deals properly with missing and private-only
with openssl 1.1.1, linux 4.9.125, glibc 2.28 and it fails:
run test keytype.sh ...
keygen dsa, 1024 bits
keygen rsa, 2048 bits
keygen rsa, 3072 bits
keygen ed25519, 512 bits
keygen ecdsa, 256 bits
keygen ecdsa, 384 bits
keygen ecdsa, 521 bits
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
failed login with different key types
make[1]: *** [Makefile:207: t-exec] Error 1
Stripped test down to test ed25519-512 only:
regress]$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh
`pwd` keytype.sh
keygen ed25519, 512 bits
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
failed login with different key types
straced sshd and sshd gets killed due to futex() usage:
16253 <... write resumed> ) = 52
16252 <... write resumed> ) = 39
16252 read(10, <unfinished ...>
16253 futex(0x7f2837d35b04, FUTEX_WAKE_PRIVATE, 2147483647 <unfinished
...>
16252 <... read resumed> "\0\0\0A", 4) = 4
16252 read(10, <unfinished ...>
16253 <... futex resumed>) = ?
16252 <... read resumed> "\0\0\0\5\0\0\09auth_activate_options: setting
new authentication options", 65) = 65
16252 write(3, "debug1: auth_activate_options: setting new
authentication options [preauth]\r\n", 77) = 77
16252 read(10, "\0\0\0:", 4) = 4
16252 read(10, "\0\0\0\6\0\0\0002userauth_pubkey: authenticated 1 pkalg
ssh-ed25519", 58) = 58
16252 write(3, "debug2: userauth_pubkey: authenticated 1 pkalg
ssh-ed25519 [preauth]\r\n", 70) = 70
16252 read(10, "\0\0\08", 4) = 4
16252 read(10, "\0\0\0\7\0\0\0000user_specific_delay: user specific
delay 0.000ms", 56) = 56
16253 +++ killed by SIGSYS +++
16252 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16253,
si_uid=1000, si_status=SIGSYS, si_utime=1, si_stime=0} ---
16252 write(3, "debug3: user_specific_delay: user specific delay
0.000ms [preauth]\r\n", 68) = 68
16252 read(10, "\0\0\0X", 4) = 4
16252 read(10, "\0\0\0\7\0\0\0Pensure_minimum_time_since: elapsed
8.354ms, delaying 3.904ms (requested 6.129ms)", 88) = 88
16252 write(3, "debug3: ensure_minimum_time_since: elapsed 8.354ms,
delaying 3.904ms (requested 6.129ms) [preauth]\r\n", 100) = 100
16252 read(10, "\0\0\0\34", 4) = 4
16252 read(10, "\0\0\0\7\0\0\0\24send packet: type 52", 28) = 28
16252 write(3, "debug3: send packet: type 52 [preauth]\r\n", 40) = 40
16252 read(10, "\0\0\0)", 4) = 4
16252 read(10, "\0\0\0\7\0\0\0!mm_request_send entering: type 26", 41)
= 41
16252 write(3, "debug3: mm_request_send entering: type 26
[preauth]\r\n", 53) = 53
16252 read(10, "\0\0\0000", 4) = 4
16252 read(10, "\0\0\0\7\0\0\0(mm_send_keystate: Finished sending
state", 48) = 48
16252 write(3, "debug3: mm_send_keystate: Finished sending state
[preauth]\r\n", 60) = 60
16252 read(10, "", 4) = 0
16252 write(3, "debug1: monitor_read_log: child log fd closed\r\n", 47)
= 47
16252 close(10) = 0
16252 wait4(16253, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSYS}], 0,
NULL) = 16253
16252 write(3, "privsep_preauth: preauth child terminated by signal
31\r\n", 56) = 56
With
--- sandbox-seccomp-filter.c.org 2018-09-14 10:56:00.557388954
+0200
+++ sandbox-seccomp-filter.c 2018-09-14 11:13:00.051826982 +0200
@@ -166,6 +166,9 @@
#ifdef __NR_exit_group
SC_ALLOW(__NR_exit_group),
#endif
+#ifdef __NR_futex
+ SC_ALLOW(__NR_futex),
+#endif
#ifdef __NR_geteuid
SC_ALLOW(__NR_geteuid),
#endif
entire above test and entire test suite completes with success.
"all tests passed"
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list