| Summary: | seccomp additions for glibc 2.33 on 32-bit platforms | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Nick Alcock <nix> | ||||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||
| Status: | CLOSED FIXED | ||||||||
| Severity: | major | CC: | dtucker, jjelen | ||||||
| Priority: | P5 | ||||||||
| Version: | 8.4p1 | ||||||||
| Hardware: | ix86 | ||||||||
| OS: | Linux | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 3217 | ||||||||
| Attachments: |
|
||||||||
Comment on attachment 3470 [details] seccomp additions for glibc 2.33 The __NR_pselect6_time64 is already in as reported in the bug #3232 and merged upstream as [1]. The __NR_futex_time64 has wrong ifdef at this moment and should say: +#ifdef __NR_futex_time64 + SC_ALLOW(__NR_futex_time64), +#endif [1] https://github.com/openssh/openssh-portable/commit/0f90440ca Created attachment 3471 [details]
remaining seccomp addition for glibc 2.33
Sorry, I forgot to check master with the obviously wrong reasoning that portable-openssh changes wouldn't go in there (even though I already know they do, routinely). Fixed patch against master attached. Patch applied, thanks.
Can you specify which platforms this occurs on? I think it should be caught by the regression tests when run with sudo/doas ("make tests SUDO=sudo") and I'd like to see if we can improve our test coverage.
It'll happen on any glibc-using Linux platform with a 32-bit glibc 2.33+ and a sufficiently recent kernel, though "sufficiently recent" is architecture-dependent: on kernel 5.1+, all 32-bit architectures with this glibc release will use these syscalls. (See sysdeps/unix/sysv/linux/kernel-features.h in the glibc 2.33 source tree.) close bugs that were resolved in OpenSSH 8.5 release cycle |
Created attachment 3470 [details] seccomp additions for glibc 2.33 glibc 2.33+ on these platforms, when used in conjunction with newer Linux kernels, needs various new syscalls in the seccomp whitelist (they've been added to allow for post-2038 time). Patch against 8.4p1 attached. Ranked major because it builds fine but then fails at connection-accept time, which can lead to service loss and annoying trips to get a console (thankfully I only had to make a trip across the room to plug the serial console in).