[Bug 3639] server thread aborts during client login after receiving SSH2_MSG_KEXINIT due to ssh_sandbox_violation

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Dec 4 14:14:35 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3639

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
These are the details of the sandbox violation:

> ssh_sandbox_violation: unexpected system call (arch:0x40000028,syscall:20 @ 0xf7ba380c

syscall 20 is getpid:

> [djm at djm linux]$ grep 'NR.* 20$' arch/arm64/include/asm/unistd32.h
> #define __NR_getpid 20

but getpid is allowed by the sshd sandbox policy:

> [djm at djm openssh]$ grep -A1 getpid sandbox-seccomp-filter.c
> #ifdef __NR_getpid
> 	SC_ALLOW(__NR_getpid),
> #endif

However, this only works if __NR_getpid is defined in a system header
and that header is correctly picked up during sshd's compilation. If
your system headers are messed up then sshd won't pick up the correct
syscall number and sandbox violations will occur.

You could try attaching ./configure output and config.h (please don't
paste them inline), which might help, but I suspect that the root cause
is going to be that your system headers are messed up in some way.

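Added example (not part of the original comment and not OpenSSH code): a small Python decoder for the violation line quoted above. It splits the `arch` value into the `AUDIT_ARCH` flag bits and ELF machine number defined in `<linux/audit.h>`, which tells you which syscall table the number belongs to; the function and table names are this example's own, and the name table holds only the one mapping shown on this page.

```python
import re

# Flag bits from <linux/audit.h>; the low 16 bits carry the ELF e_machine value.
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
EM_NAMES = {3: "i386", 40: "arm", 62: "x86_64", 183: "aarch64"}

# Only the mapping shown on this page; extend it from the matching unistd header.
SYSCALL_NAMES = {("arm", 32): {20: "getpid"}}

VIOLATION_RE = re.compile(
    r"ssh_sandbox_violation: unexpected system call "
    r"\(arch:0x(?P<arch>[0-9a-fA-F]+),syscall:(?P<nr>\d+) @ 0x(?P<addr>[0-9a-fA-F]+)"
)


def decode_violation(line):
    """Return a dict describing the violation, or None if the line does not match."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    arch = int(m.group("arch"), 16)
    nr = int(m.group("nr"))
    bits = 64 if arch & AUDIT_ARCH_64BIT else 32
    em = arch & 0xFFFF
    machine = EM_NAMES.get(em, "unknown(%d)" % em)
    return {
        "machine": machine,
        "bits": bits,
        "endian": "little" if arch & AUDIT_ARCH_LE else "big",
        "syscall": nr,
        "name": SYSCALL_NAMES.get((machine, bits), {}).get(nr),
        "address": int(m.group("addr"), 16),
    }


# The log line quoted in the comment above.
SAMPLE = ("ssh_sandbox_violation: unexpected system call "
          "(arch:0x40000028,syscall:20 @ 0xf7ba380c")

if __name__ == "__main__":
    print(decode_violation(SAMPLE))
```

For the line on this page the result is 32-bit little-endian ARM, which is why the syscall number is looked up in the 32-bit table (`unistd32.h`) rather than the native arm64 one.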