Bugzilla – Attachment 3640 Details for
Bug 3478
Default "kill" action of seccomp sandbox is fragile
[patch]
safer debugging for seccomp sandbox violations
debug-seccomp.diff (text/plain), 3.58 KB, created by
Damien Miller
on 2022-12-12 09:40:29 AEDT
Description:
safer debugging for seccomp sandbox violations
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2022-12-12 09:40:29 AEDT
Size:
3.58 KB
patch
obsolete
>diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
>index cec43c463..f41465242 100644
>--- a/sandbox-seccomp-filter.c
>+++ b/sandbox-seccomp-filter.c
>@@ -15,12 +15,12 @@
> */
> 
> /*
>- * Uncomment the SANDBOX_SECCOMP_FILTER_DEBUG macro below to help diagnose
>- * filter breakage during development. *Do not* use this in production,
>- * as it relies on making library calls that are unsafe in signal context.
>+ * Uncomment the SANDBOX_SECCOMP_FILTER_DEBUG macro below and run sshd with
>+ * stderr attached (sshd -De ... or sshd -d ...) to receive notifications of
>+ * sandbox violations to stderr. E.g.
> *
>- * Instead, live systems the auditctl(8) may be used to monitor failures.
>- * E.g.
>+ * Alternately, live systems the auditctl(8) may be used to monitor
>+ * failures. E.g.
> * auditctl -a task,always -F uid=<privsep uid>
> */
> /* #define SANDBOX_SECCOMP_FILTER_DEBUG 1 */
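Review bot: The added comment line `sandbox violations to stderr. E.g.` ends in a dangling "E.g." that introduces no example, and the reworded sentence `Alternately, live systems the auditctl(8) may be used to monitor` still lacks its preposition. Suggest `sandbox violations on stderr.` for the first and `Alternately, on live systems auditctl(8) may be used to monitor` for the second, so that the auditctl line below is the only example the comment promises. Since this comment is the one place the debug mode is documented, it would also help to state that the mode replaces the filter's fatal default with a trapping one, which is what makes reporting possible.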
>@@ -364,18 +364,50 @@ ssh_sandbox_init(struct monitor *monitor)
> }
> 
> #ifdef SANDBOX_SECCOMP_FILTER_DEBUG
>-extern struct monitor *pmonitor;
>-void mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx);
>+/* convert an integer to a hex string; for use in signal handler */
>+static const char *
>+ntoh(long unsigned int n)
>+{
>+ static char ret[sizeof(long unsigned int) * 2 + 2 + 1];
>+ int i = sizeof(ret) - 2;
>+
>+ if (n == 0)
>+ return "0";
>+ while (n > 0) {
>+ ret[i--] = "0123456789abcdef"[n & 0xf];
>+ n >>= 4;
>+ }
>+ ret[i--] = 'x';
>+ ret[i--] = '0';
>+ ret[sizeof(ret) - 1] = '\0';
>+ return &(ret[i + 1]);
>+}
> 
> static void
> ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context)
> {
> char msg[256];
>+ extern int log_stderr; /* from sshd.c */
>+
>+ /*
>+ * Attempt to write details of the offending syscall to stderr
>+ * using only signal handler-safe calls.
>+ */
>+
>+ if (!log_stderr)
>+ return;
>+
>+ strlcpy(msg, __func__, sizeof(msg));
>+ strlcat(msg, ": unexpected system call: arch:", sizeof(msg));
>+ strlcat(msg, ntoh(info->si_arch), sizeof(msg));
>+ strlcat(msg, " syscall:", sizeof(msg));
>+ strlcat(msg, ntoh(info->si_syscall), sizeof(msg));
>+ strlcat(msg, " addr:", sizeof(msg));
>+ strlcat(msg, ntoh((unsigned long)info->si_call_addr), sizeof(msg));
>+ strlcat(msg, "\n", sizeof(msg));
>+
>+ write(STDERR_FILENO, msg, strlen(msg));
> 
>- snprintf(msg, sizeof(msg),
>- "%s: unexpected system call (arch:0x%x,syscall:%d @ %p)",
>- __func__, info->si_arch, info->si_syscall, info->si_call_addr);
>- mm_log_handler(SYSLOG_LEVEL_FATAL, 0, msg, pmonitor);
> _exit(1);
> }
> 
>@@ -391,14 +423,14 @@ ssh_sandbox_child_debugging(void)
> sigaddset(&mask, SIGSYS);
> 
> act.sa_sigaction = &ssh_sandbox_violation;
>- act.sa_flags = SA_SIGINFO;
>+ act.sa_flags = SA_SIGINFO | SA_RESETHAND;
> if (sigaction(SIGSYS, &act, NULL) == -1)
> fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
> if (sigprocmask(SIG_UNBLOCK, &mask, NULL) == -1)
> fatal("%s: sigprocmask(SIGSYS): %s",
> __func__, strerror(errno));
> }
>-#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
>+#endif
> 
> void
> ssh_sandbox_child(struct ssh_sandbox *box)
>@@ -424,7 +456,7 @@ ssh_sandbox_child(struct ssh_sandbox *box)
> 
> #ifdef SANDBOX_SECCOMP_FILTER_DEBUG
> ssh_sandbox_child_debugging();
>-#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
>+#endif
> 
> debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
> if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
>diff --git a/sshd.c b/sshd.c
>index 6bb3a9621..a9cc33627 100644
>--- a/sshd.c
>+++ b/sshd.c
>@@ -166,7 +166,7 @@ static int inetd_flag = 0;
> static int no_daemon_flag = 0;
> 
> /* debug goes to stderr unless inetd_flag is set */
>-static int log_stderr = 0;
>+int log_stderr = 0;
> 
> /* Saved arguments to main(). */
> static char **saved_argv;
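Review bot: The new `if (!log_stderr) return;` in ssh_sandbox_violation() lets the handler return without reaching `_exit(1)`, so when stderr logging is off a violation no longer terminates the child: control goes back to the trapped syscall, which presumably fails with the filter's trap errno, and the process carries on (with SA_RESETHAND from the next hunk, only a second SIGSYS is then fatal). If that is not intended, guard only the reporting, `if (log_stderr) { ... write(STDERR_FILENO, msg, strlen(msg)); }`, and leave `_exit(1);` unconditional as before. The comment "using only signal handler-safe calls" also overstates slightly: `write` and `_exit` are on the POSIX async-signal-safe list, while `strlcpy`, `strlcat` and `strlen` are not, even though the bundled implementations are reentrant, so wording it as "calls that are reentrant and take no locks" would be more accurate. The static buffer in ntoh() is fine here because each result is consumed by strlcat before the next call, but a `/* returns a pointer into a static buffer; not reentrant, consume before calling again */` comment would stop a future caller from passing two results to one function.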
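Review bot: `act.sa_flags = SA_SIGINFO | SA_RESETHAND;` is added with no comment on why the handler should be one-shot; presumably the point is that a violation raised inside the handler itself (if, say, write(2) were ever rejected by the filter) takes the default disposition instead of re-entering the handler, and a side effect is that only the first violation is ever reported. A comment such as `/* one-shot: a SIGSYS raised inside the handler takes the default action rather than recursing */` would record that. This hunk and the following one also drop the trailing `/* SANDBOX_SECCOMP_FILTER_DEBUG */` label on `#endif`, which the file used to pair conditionals with their `#ifdef`; keeping it costs nothing.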
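Review bot: Dropping `static` from `int log_stderr = 0;` in sshd.c exports the flag with no header declaration; its only consumer in this patch, ssh_sandbox_violation() in sandbox-seccomp-filter.c, reaches it through a block-scope `extern int log_stderr;`, so nothing checks that the two declarations agree or records the dependency at the definition. At minimum, a comment on the definition, `/* not static: read by ssh_sandbox_violation() in sandbox-seccomp-filter.c */`, would explain the widened linkage to the next reader; declaring it in a header both files include would let the compiler check it.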