[openssh with openssl cryptodev engine] sshd killed by seccomp filter
Corentin LABBE
clabbe.montjoie at gmail.com
Tue Mar 17 02:34:47 AEDT 2015
On 02/25/15 23:07, Ángel González wrote:
> On 25/02/15 18:21, Damien Miller wrote:
>> On Wed, 25 Feb 2015, LABBE Corentin wrote:
>>> + SC_ALLOW(ioctl),
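Review bot: SC_ALLOW(ioctl) matches on the syscall number alone, so this line makes every ioctl request on every descriptor reachable from the sandboxed process. Narrow the rule to the specific request values the engine issues, compared against the second syscall argument, and leave all other ioctl requests denied.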
>> no, sorry. ioctl is too much attack kernel surface and would defeat the
>> usefulness of the sandbox.
>>
>> -d
> Labbe, which ioctl is being issued?
>
Lots of different ioctls, but nothing standard; they are used only by the cryptodev module.
Example:
ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)
ioctl(ctx->cfd, CIOCFSESSION, &ctx->sess.ses)
ioctl(ctx->cfd, CIOCAUTHCRYPT, &cryp)
ioctl(ctx->cfd, CIOCCRYPT, &cryp)
Regards
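
The trade-off discussed in this thread, as an added example that is not part of the original message and is not OpenSSH code: a seccomp-BPF rule that permits ioctl only for a fixed list of request values, where everything else gets EPERM. The request numbers are constructed placeholders standing in for the CIOC* values, `build_ioctl_rule` and `verdict` are hypothetical names, and the architecture check a full filter starts with is left out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Constructed placeholders, NOT real request numbers: a real build would use
 * the CIOC* values from the cryptodev module's header. */
static const uint32_t reqs[] = { 0xC0DE0001u, 0xC0DE0002u, 0xC0DE0003u, 0xC0DE0004u };
#define NREQ (sizeof(reqs) / sizeof(reqs[0]))
#define DENY (SECCOMP_RET_ERRNO | EPERM)
/* Low 32 bits of argument 1; the kernel takes the ioctl request as unsigned int. */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define ARG1_LO (offsetof(struct seccomp_data, args) + 8 + 4)
#else
#define ARG1_LO (offsetof(struct seccomp_data, args) + 8)
#endif

/* Emit: nr == ioctl and request on the list -> ALLOW, anything else -> DENY. */
static size_t build_ioctl_rule(struct sock_filter *f) {
    size_t n = 0;
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, NREQ + 1);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG1_LO);
    for (size_t i = 0; i < NREQ; i++) /* a match jumps forward to the ALLOW return */
        f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, reqs[i], (uint8_t)(NREQ - i), 0);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, DENY);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return n;
}

/* Evaluate the three opcodes used above on one syscall record, so the rule
 * can be checked without installing it in a process. */
static uint32_t verdict(int nr, uint64_t request) {
    struct sock_filter f[NREQ + 5];
    struct seccomp_data d = { .nr = nr };
    uint32_t A = 0;
    size_t n = build_ioctl_rule(f);
    d.args[1] = request;
    for (size_t pc = 0; pc < n; pc++) {
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&A, (char *)&d + f[pc].k, 4);
        else if (f[pc].code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += (A == f[pc].k) ? f[pc].jt : f[pc].jf;
        else return f[pc].k; /* BPF_RET | BPF_K */
    }
    return SECCOMP_RET_KILL;
}

int main(void) { return verdict(__NR_ioctl, reqs[0]) == SECCOMP_RET_ALLOW ? 0 : 1; }
```

In this isolated rule a non-ioctl syscall also ends at the deny return; inside a complete filter it would instead fall through to the rules for other syscalls.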
More information about the openssh-unix-dev
mailing list