[Bug 3085] New: seccomp issue after upgrading openssl

bugzilla-daemon at bugzilla.mindrot.org
Thu Oct 31 12:02:26 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3085

            Bug ID: 3085
           Summary: seccomp issue after upgrading openssl
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: brunni at netestate.de

Hi,

After upgrading OpenSSL from 1.0.2p to 1.1.1d and recompiling my
previously working version of openssh-8.1p1, I suddenly cannot connect
any more:

debug1: SSH2_MSG_KEXINIT sent
Connection reset by 81.209.177.7 port 1111

The server side looks like this:

Connection from 81.209.177.119 port 55768 on 81.209.177.7 port 1111
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 17293
debug3: preauth child monitor started
debug3: privsep user:group 39:38 [preauth]
debug1: permanently_set_uid: 39/38 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 17293

Adding --with-sandbox=rlimit to the configure options solved the
problem, so it must be related to the seccomp sandbox. I know there have
been fixes to it regarding OpenSSL. Is it possible that there are still
issues?

I have Linux Kernel 4.9.195 with glibc 2.30 and gcc 7.3.0.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
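
Added triage example (not part of the original report and not OpenSSH project code): it flags the pattern in the server log above, where the preauth child goes silent immediately after the seccomp filter is attached, and then looks up which syscall the kernel reported for that PID. It assumes the Linux audit subsystem is logging seccomp kills as type=SECCOMP records; the audit lines, the exe path and the syscall number 999 are constructed placeholders.

```python
import re

# sshd debug output taken from the report above (trimmed to the relevant lines).
SSHD_LOG = """\
debug2: Network child is on pid 17293
debug3: preauth child monitor started
debug3: privsep user:group 39:38 [preauth]
debug1: permanently_set_uid: 39/38 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 17293
"""

# Constructed audit records; syscall=999 is a placeholder, not the real culprit.
AUDIT_LOG = """\
type=SECCOMP msg=audit(1572483746.000:101): auid=4294967295 uid=39 gid=38 ses=4294967295 pid=17293 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=c000003e syscall=999 compat=0 ip=0x0 code=0x0
type=SECCOMP msg=audit(1572483750.000:102): auid=1000 uid=1000 gid=1000 ses=1 pid=4242 comm="other" exe="/usr/bin/other" sig=31 arch=c000003e syscall=41 compat=0 ip=0x0 code=0x0
"""

def sandbox_kill_suspects(log):
    """PIDs of preauth children that went silent right after the filter was attached."""
    suspects, child, armed = [], None, False
    for line in log.splitlines():
        if m := re.search(r"Network child is on pid (\d+)", line):
            child, armed = int(m.group(1)), False
        elif "attaching seccomp filter program" in line:
            armed = True
        elif line.rstrip().endswith("[preauth]"):
            armed = False          # child kept logging, so it survived the attach
        elif armed and "child log fd closed" in line and child is not None:
            suspects.append(child)
            armed = False
    return suspects

def denied_syscalls(audit, pids):
    """Map each suspect PID to the syscall numbers in its type=SECCOMP audit records."""
    hits = {}
    for line in audit.splitlines():
        if not line.startswith("type=SECCOMP"):
            continue
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        pid = int(fields.get("pid", -1))
        if pid in pids and fields.get("comm", "").strip('"') == "sshd":
            hits.setdefault(pid, []).append(int(fields["syscall"]))
    return hits
```

The syscall number is architecture-specific, so resolve it against the arch field of the same record before comparing it with the sandbox's allow list.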