[Bug 3478] Default "kill" action of seccomp sandbox is fragile

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Dec 12 09:40:29 AEDT 2022


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Created attachment 3640
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3640&action=edit
safer debugging for seccomp sandbox violations

One thing we could do it make it easier to debug seccomp sandbox
failures. Currently, these require a rebuild of OpenSSH and some
signal-handler unsafe code (though I think its impact is limited to
hung connections).

This tries to make the sandbox violation debugging signal handler safe
and AFAIK safe enough to keep enabled all the time. The only catch is
that it requires stderr attached as every other option (syslog, monitor
log socket) is either unavailable or requires signal handler unsafe

Example (inserting a random setuid() call into sshd.c):

[djm at djm openssh]$ sudo /home/djm/cvs/openssh/sshd -Dep2222
-oPidFile=none -fnone
Server listening on port 2222.
Server listening on :: port 2222.
ssh_sandbox_violation: unexpected system call: arch:0xc000003e
syscall:0x69 addr:0x7f9ad54dc405

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list