Shutdown in Seccomp Filter

Colin Watson cjwatson at
Tue Jun 11 01:11:14 AEST 2019

On Mon, Jun 10, 2019 at 07:48:03AM -0700, shankarapailoor . wrote:
> I was looking at the openssh seccomp filter and I was curious why is
> shutdown is allowed in the whitelist?
> I've been doing an analysis on the openssh code and the callpaths I find
> which call shutdown have the form:
> main->do_authenticated->server_loop2->channel_after_select->channel_handler->channel_post_mux_client->read_mux->chan_read_failed->chan_shutdown_read->shutdown
> However, isn't do_authenticated handled in the parent process which isn't
> sandboxed? I might be gravely mistaken here so my apologies if I'm wrong.

It was originally added here:

... but then that shutdown call was removed here:

... so it does indeed seem possible that it's no longer needed, though I
imagine it'd need some testing.

Colin Watson                                       [cjwatson at]

More information about the openssh-unix-dev mailing list