[openssh-commits] [openssh] branch master updated (6dfb65de -> 195313df)

git+noreply at mindrot.org
Mon Feb 6 13:26:50 AEDT 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  6dfb65de  crank versions in RPM specs
       new  195313df  harden Linux seccomp sandbox

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Feb 3 16:33:09 2023 +1100

    harden Linux seccomp sandbox
    
    Linux mmap(2) and madvise(2) syscalls support quite a number of funky
    flags that we don't expect that sshd/libc will ever need. We can
    exclude this kernel attack surface by filtering the mmap(2) flags
    and the madvise(2) advice arguments.
    
    Similarly, the sandboxed process in sshd is a single-threaded program
    that does not use shared memory for synchronisation or communication.
    Therefore, there should be no reason for the advanced priority
    inheritance futex(2) operations to be necessary. These can also be
    excluded.
    
    Motivated by Jann Horn pointing out that there have been kernel bugs
    in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and
    CVE-2022-42703.
    
    Feedback Jann Horn, ok dtucker@

Summary of changes:
 sandbox-seccomp-filter.c | 79 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 74 insertions(+), 5 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
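
The argument filtering described in the commit message, shown as an added example (not code from this commit or from OpenSSH): a seccomp-BPF filter that fails mmap(2) with EPERM when its flags fall outside an allowlist, exercised in a forked child. The allowlist contents, the helper name `probe_mmap_flags` and the 64-bit little-endian Linux layout are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed allowlist for this example, not OpenSSH's actual list. */
#define ALLOWED_FLAGS (MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED | MAP_STACK)
/* mmap(2) flags are syscall argument 3. Assumes 64-bit little-endian Linux;
 * a production filter must also check seccomp_data.arch before nr. */
#define ARG3_LO offsetof(struct seccomp_data, args[3])
#define ARG3_HI (ARG3_LO + sizeof(__u32))

static struct sock_filter insns[] = {
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mmap, 0, 4), /* not mmap: allow */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG3_HI),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 0, 3),         /* high word set: deny */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG3_LO),
	BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, (__u32)~ALLOWED_FLAGS, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
};

/* Install the filter in a forked child and try mmap with the given flags.
 * Returns 0 allowed, 1 denied with EPERM, 2 other failure, -1 no seccomp. */
int probe_mmap_flags(int flags)
{
	struct sock_fprog prog = { sizeof(insns) / sizeof(insns[0]), insns };
	int status;
	pid_t pid = fork();
	if (pid == 0) {
		if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
		    prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
			_exit(3);
		void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, flags, -1, 0);
		_exit(p != MAP_FAILED ? 0 : errno == EPERM ? 1 : 2);
	}
	if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status) == 3 ? -1 : WEXITSTATUS(status);
}

int main(void) { return probe_mmap_flags(MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB) != 1; }
```

The same load-and-compare pattern applies to the madvise(2) advice argument and the futex(2) operation argument that the commit message mentions.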

