[Bug 3430] New: 64 bit time and seccomp conflict

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri May 6 16:38:36 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3430

            Bug ID: 3430
           Summary: 64 bit time and seccomp conflict
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: ARM
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: alacki93 at gmail.com

I found that glibc with support for 64-bit time could crash sshd
process with enabled seccomp seccomp. Test environment:
-Kernel 4.14.x
-32 bit ARM CPU
-glibc 2.34
-OpenSSH 8.9p1
-Toolchain: GCC 10

Syscall wrappers like a clock_gettime
(https://github.com/bminor/glibc/blob/glibc-2.34/sysdeps/unix/sysv/linux/clock_gettime.c)
first run syscall dedicated for kernels that support 64 bit time. If
this syscall failed with ENOSYS error, then glibc calls traditional
variant for 32 bit time.

OpenSSH in source code tries to figure which syscalls are supported by
kernel and only supported syscalls are added as an allowed in seccomp
(https://github.com/openssh/openssh-portable/blob/master/sandbox-seccomp-filter.c).
Because kernel 4.14 doesn’t support syscalls for 64 bit time,
__NR_clock_gettime64 is not added as a trusted syscall to seccomp. As a
result OpenSSH process is killed by seccomp every time when it tries to
use clock_gettime from glibc.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list