[Bug 2905] New: git: missing futex allow in sandbox seccomp filter

bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 14 19:19:21 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2905

            Bug ID: 2905
           Summary: git: missing futex allow in sandbox seccomp filter
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: arekm at maven.pl

I'm testing git version

commit beb9e522dc7717df08179f9e59f36b361bfa14ab (HEAD -> master, origin/master, origin/HEAD)
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Sep 14 05:26:27 2018 +0000

    upstream: second try, deals properly with missing and private-only

with openssl 1.1.1, linux 4.9.125, glibc 2.28 and it fails:

run test keytype.sh ...
keygen dsa, 1024 bits
keygen rsa, 2048 bits
keygen rsa, 3072 bits
keygen ed25519, 512 bits
keygen ecdsa, 256 bits
keygen ecdsa, 384 bits
keygen ecdsa, 521 bits
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
failed login with different key types
make[1]: *** [Makefile:207: t-exec] Error 1



Stripped test down to test ed25519-512 only:

regress]$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` keytype.sh
keygen ed25519, 512 bits
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
failed login with different key types

straced sshd and sshd gets killed due to futex() usage:

16253 <... write resumed> )             = 52
16252 <... write resumed> )             = 39
16252 read(10,  <unfinished ...>
16253 futex(0x7f2837d35b04, FUTEX_WAKE_PRIVATE, 2147483647 <unfinished ...>
16252 <... read resumed> "\0\0\0A", 4)  = 4
16252 read(10,  <unfinished ...>
16253 <... futex resumed>)              = ?
16252 <... read resumed> "\0\0\0\5\0\0\09auth_activate_options: setting new authentication options", 65) = 65
16252 write(3, "debug1: auth_activate_options: setting new authentication options [preauth]\r\n", 77) = 77
16252 read(10, "\0\0\0:", 4)            = 4
16252 read(10, "\0\0\0\6\0\0\0002userauth_pubkey: authenticated 1 pkalg ssh-ed25519", 58) = 58
16252 write(3, "debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]\r\n", 70) = 70
16252 read(10, "\0\0\08", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0000user_specific_delay: user specific delay 0.000ms", 56) = 56
16253 +++ killed by SIGSYS +++
16252 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16253, si_uid=1000, si_status=SIGSYS, si_utime=1, si_stime=0} ---
16252 write(3, "debug3: user_specific_delay: user specific delay 0.000ms [preauth]\r\n", 68) = 68
16252 read(10, "\0\0\0X", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0Pensure_minimum_time_since: elapsed 8.354ms, delaying 3.904ms (requested 6.129ms)", 88) = 88
16252 write(3, "debug3: ensure_minimum_time_since: elapsed 8.354ms, delaying 3.904ms (requested 6.129ms) [preauth]\r\n", 100) = 100
16252 read(10, "\0\0\0\34", 4)          = 4
16252 read(10, "\0\0\0\7\0\0\0\24send packet: type 52", 28) = 28
16252 write(3, "debug3: send packet: type 52 [preauth]\r\n", 40) = 40
16252 read(10, "\0\0\0)", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0!mm_request_send entering: type 26", 41) = 41
16252 write(3, "debug3: mm_request_send entering: type 26 [preauth]\r\n", 53) = 53
16252 read(10, "\0\0\0000", 4)          = 4
16252 read(10, "\0\0\0\7\0\0\0(mm_send_keystate: Finished sending state", 48) = 48
16252 write(3, "debug3: mm_send_keystate: Finished sending state [preauth]\r\n", 60) = 60
16252 read(10, "", 4)                   = 0
16252 write(3, "debug1: monitor_read_log: child log fd closed\r\n", 47) = 47
16252 close(10)                         = 0
16252 wait4(16253, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSYS}], 0, NULL) = 16253
16252 write(3, "privsep_preauth: preauth child terminated by signal 31\r\n", 56) = 56


With 

--- sandbox-seccomp-filter.c.org        2018-09-14 10:56:00.557388954
+0200
+++ sandbox-seccomp-filter.c    2018-09-14 11:13:00.051826982 +0200
@@ -166,6 +166,9 @@
 #ifdef __NR_exit_group
        SC_ALLOW(__NR_exit_group),
 #endif
+#ifdef __NR_futex
+       SC_ALLOW(__NR_futex),
+#endif
 #ifdef __NR_geteuid
        SC_ALLOW(__NR_geteuid),
 #endif
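
Review bot: the new SC_ALLOW(__NR_futex) entry has no comment saying why the pre-auth sandbox needs futex, and it permits the syscall for every futex operation, while the strace in this report shows only FUTEX_WAKE_PRIVATE being issued before the SIGSYS. Please add a short comment naming the trigger seen here (the ed25519 key test with openssl 1.1.1 and glibc 2.28) and state whether allowing all operations is intended, so that a later audit of the allow-list can tell this rule's scope was a deliberate choice.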


the entire test above and the entire test suite complete successfully.

"all tests passed"

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
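
Added example (not part of the original report and not OpenSSH code): the strace triage done by hand above, automated. It scans strace -f output for processes killed by SIGSYS and reports the last syscall each one entered that never returned a value (the "= ?" result), which is the call the seccomp filter rejected. The function names and the sample lines are constructed for illustration.

```python
import re

CALL = re.compile(r"^(\d+)\s+(\w+)\((.*)$")                    # pid name(args...
RESUMED = re.compile(r"^(\d+)\s+<\.\.\. (\w+) resumed>(.*)$")  # pid <... name resumed>
KILLED = re.compile(r"^(\d+)\s+\+\+\+ killed by (\w+)")        # pid +++ killed by SIG
RET = re.compile(r"\)\s+=\s+(\S+)")                            # ") = value"

# Constructed sample modelled on the strace -f output in the report,
# with the mail's line wrapping undone and most lines omitted.
SAMPLE = r"""
16253 write(6, "...", 52 <unfinished ...>
16252 read(10,  <unfinished ...>
16253 <... write resumed> )             = 52
16253 futex(0x7f2837d35b04, FUTEX_WAKE_PRIVATE, 2147483647 <unfinished ...>
16252 <... read resumed> "\0\0\0A", 4)  = 4
16253 <... futex resumed>)              = ?
16252 read(10, "\0\0\0:", 4)            = 4
16253 +++ killed by SIGSYS +++
16252 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16253, si_status=SIGSYS} ---
"""

def parse_rest(rest):
    """Split the text after 'name(' into (arguments, return value or None)."""
    if "<unfinished" in rest:
        return rest.split("<unfinished")[0].strip(), None
    hits = list(RET.finditer(rest))
    if not hits:
        return rest.strip(), None
    return rest[:hits[-1].start()].strip(), hits[-1].group(1)

def find_sigsys_kills(trace):
    """Return one record per process killed by SIGSYS, naming the syscall
    that process entered last and that never returned a value."""
    last = {}   # pid -> [syscall name, argument text, return value]
    kills = []
    for line in trace.splitlines():
        if m := KILLED.match(line):
            pid, sig = m.groups()
            name, args, ret = last.get(pid, (None, "", None))
            if sig == "SIGSYS":
                blocked = name is not None and ret in (None, "?")
                kills.append({"pid": pid, "syscall": name if blocked else None,
                              "args": args if blocked else ""})
        elif m := RESUMED.match(line):
            pid, name, rest = m.groups()
            if pid in last and last[pid][0] == name:
                last[pid][2] = parse_rest(rest)[1]
        elif m := CALL.match(line):
            pid, name, rest = m.groups()
            last[pid] = [name, *parse_rest(rest)]
    return kills

if __name__ == "__main__":
    for kill in find_sigsys_kills(SAMPLE):
        print(kill)
```

The reported argument text (here the FUTEX_WAKE_PRIVATE operation) is what you compare against the sandbox allow-list when deciding how broad a new rule has to be.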

