Is it safe to modify sandbox-seccomp-filter?

Wenyi Cheng wyc9004 at
Tue Jun 19 06:30:45 AEST 2018

Hi openssh-unix-dev,

I'm upgrading the openssh in our system from 6.6 to 7.6. The option
UsePrivilegeSeparation for sshd has been deprecated since 7.5. We used to
set it to yes but it's now sandbox by default.

We are using futex which is not allowed with sandbox. So I have to manually
add the following code change to sandbox-seccomp-filter.c to make it work.

> #ifdef __NR_futex
>         SC_ALLOW(__NR_futex),
> #endif

Will this change cause any security issue?


Wenyi Cheng

More information about the openssh-unix-dev mailing list