[Bug 3478] Default "kill" action of seccomp sandbox is fragile
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Dec 12 09:40:29 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3478
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 3640
--> https://bugzilla.mindrot.org/attachment.cgi?id=3640&action=edit
safer debugging for seccomp sandbox violations
One thing we could do it make it easier to debug seccomp sandbox
failures. Currently, these require a rebuild of OpenSSH and some
signal-handler unsafe code (though I think its impact is limited to
hung connections).
This tries to make the sandbox violation debugging signal handler safe
and AFAIK safe enough to keep enabled all the time. The only catch is
that it requires stderr attached as every other option (syslog, monitor
log socket) is either unavailable or requires signal handler unsafe
syscalls.
Example (inserting a random setuid() call into sshd.c):
[djm at djm openssh]$ sudo /home/djm/cvs/openssh/sshd -Dep2222
-oPidFile=none -fnone
Server listening on 0.0.0.0 port 2222.
Server listening on :: port 2222.
ssh_sandbox_violation: unexpected system call: arch:0xc000003e
syscall:0x69 addr:0x7f9ad54dc405
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list