[Bug 3702] sshd fork crashed when compiled with seccomp

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 24 06:30:46 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3702

--- Comment #8 from Nikola <root at nixsum.net> ---
I have realized that the problem lies within my shallow understanding
and I am in deep waters here.

When installing 64bit Raspbian I never knew that only the kernel is
64bit, whereas all the binaries, including the compiler are actually
32bit ARM.

When I run the configure script the below line is seen:

    checking for seccomp architecture... "AUDIT_ARCH_AARCH64"

So in the end it produces a 32bit ARM binary with the 64bit ARM seccomp
sandbox, resulting in isolating the wrong syscalls due to the major
differences between them (or at least that's the conclusion I came
to).

Trying to run ./configure --host=arm reports that seccomp is not
supported.

    checking kernel for seccomp_filter support... no

I was able to fool it by hard coding it, but that's probably considered
a crime and I'm not aware if there's another way to override it:

'''
printf %s "checking for seccomp architecture... " >&6; }
        seccomp_audit_arch=
        case "$host" in
        x86_64-*)
                seccomp_audit_arch=AUDIT_ARCH_X86_64
                ;;
        i*86-*)
                seccomp_audit_arch=AUDIT_ARCH_I386
                ;;
        arm*-*)
                seccomp_audit_arch=AUDIT_ARCH_ARM
                ;;
        aarch64*-*)
#               seccomp_audit_arch=AUDIT_ARCH_AARCH64
                seccomp_audit_arch=AUDIT_ARCH_ARM
                ;;
'''

With the above "fix" the resulting binary works as intended.

It also works well when I boot the 32bit kernel and then compile, which
is something I did not figure out initially.

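The mismatch described in the comment above (a 32-bit ARM userland on a 64-bit kernel, with configure choosing AUDIT_ARCH_AARCH64) can be caught by reading the architecture from the ELF header of a binary the toolchain actually produced. The following is an added example, not part of the original message or of OpenSSH's configure script; the function names and the sample header bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH code: pick the seccomp AUDIT_ARCH_* name from the
# ELF header of a binary the toolchain produced, not from the kernel's view.

elf_byte() {   # print the byte at offset $2 of file $1 as a decimal number
    od -An -tu1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n'
}

audit_arch_for_elf() {
    magic=$(od -An -tx1 -N 4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    data=$(elf_byte "$1" 5)                 # EI_DATA: 1 = little, 2 = big endian
    lo=$(elf_byte "$1" 18); hi=$(elf_byte "$1" 19)    # e_machine, 2 bytes
    [ -n "$data" ] && [ -n "$lo" ] && [ -n "$hi" ] || { echo "truncated"; return 1; }
    if [ "$data" = 1 ]; then machine=$((lo + hi * 256)); else machine=$((lo * 256 + hi)); fi
    case "$machine" in
        3)   echo AUDIT_ARCH_I386 ;;
        62)  echo AUDIT_ARCH_X86_64 ;;
        40)  [ "$data" = 1 ] && echo AUDIT_ARCH_ARM || echo AUDIT_ARCH_ARMEB ;;
        183) echo AUDIT_ARCH_AARCH64 ;;
        *)   echo "unknown-machine-$machine"; return 1 ;;
    esac
}

check_seccomp_arch() {   # $1 = arch configure chose, $2 = a binary from the same build
    actual=$(audit_arch_for_elf "$2") || { echo "error: $actual"; return 2; }
    [ "$1" = "$actual" ] && { echo "ok: $actual"; return 0; }
    echo "mismatch: configured $1, binary needs $actual"
    return 1
}

# Constructed input: the first 20 bytes of a little-endian ELF header.
# $1 = EI_CLASS digit (1 = 32-bit, 2 = 64-bit)
# $2 = e_machine low byte as three octal digits (050 = EM_ARM, 267 = EM_AARCH64)
# $3 = output path
make_sample_elf() {
    printf '\177ELF\00'"$1"'\001\001\000\000\000\000\000\000\000\000\000\002\000\'"$2"'\000' > "$3"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_elf 1 050 "$tmp/sshd-arm32"    # stands in for a 32-bit ARM sshd
# The situation from the comment: AARCH64 was configured, the binary is 32-bit ARM.
check_seccomp_arch AUDIT_ARCH_AARCH64 "$tmp/sshd-arm32" || true
check_seccomp_arch AUDIT_ARCH_ARM "$tmp/sshd-arm32"
```

In a real build the second argument would be any object or executable the same compiler just produced, for example a small test program built with the project's CFLAGS.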