2905 – git: missing futex allow in sandbox seccomp filter

Bug 2905 - git: missing futex allow in sandbox seccomp filter

Summary: git: missing futex allow in sandbox seccomp filter

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	amd64 Linux

Importance:	P5 minor
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_7_9
	Show dependency tree / graph

Reported:	2018-09-14 19:19 AEST by Arkadiusz Miśkiewicz
Modified:	2018-10-19 17:17 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arkadiusz Miśkiewicz 2018-09-14 19:19:21 AEST

I'm testing git version

commit beb9e522dc7717df08179f9e59f36b361bfa14ab (HEAD -> master, origin/master, origin/HEAD)
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 14 05:26:27 2018 +0000

    upstream: second try, deals properly with missing and private-only

with openssl 1.1.1, linux 4.9.125, glibc 2.28 and it fails:

run test keytype.sh ...
keygen dsa, 1024 bits
keygen rsa, 2048 bits
keygen rsa, 3072 bits
keygen ed25519, 512 bits
keygen ecdsa, 256 bits
keygen ecdsa, 384 bits
keygen ecdsa, 521 bits
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey dsa-1024, hostkey dsa-1024
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-2048, hostkey rsa-2048
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey rsa-3072, hostkey rsa-3072
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-256, hostkey ecdsa-256
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-384, hostkey ecdsa-384
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
userkey ecdsa-521, hostkey ecdsa-521
failed login with different key types
make[1]: *** [Makefile:207: t-exec] Error 1



Stripped test down to test ed25519-512 only:

regress]$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` keytype.sh
keygen ed25519, 512 bits
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
userkey ed25519-512, hostkey ed25519-512
ssh userkey ed25519-512, hostkey ed25519-512 failed
failed login with different key types

straced sshd and sshd gets killed due to futex() usage:

16253 <... write resumed> )             = 52
16252 <... write resumed> )             = 39
16252 read(10,  <unfinished ...>
16253 futex(0x7f2837d35b04, FUTEX_WAKE_PRIVATE, 2147483647 <unfinished ...>
16252 <... read resumed> "\0\0\0A", 4)  = 4
16252 read(10,  <unfinished ...>
16253 <... futex resumed>)              = ?
16252 <... read resumed> "\0\0\0\5\0\0\09auth_activate_options: setting new authentication options", 65) = 65
16252 write(3, "debug1: auth_activate_options: setting new authentication options [preauth]\r\n", 77) = 77
16252 read(10, "\0\0\0:", 4)            = 4
16252 read(10, "\0\0\0\6\0\0\0002userauth_pubkey: authenticated 1 pkalg ssh-ed25519", 58) = 58
16252 write(3, "debug2: userauth_pubkey: authenticated 1 pkalg ssh-ed25519 [preauth]\r\n", 70) = 70
16252 read(10, "\0\0\08", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0000user_specific_delay: user specific delay 0.000ms", 56) = 56
16253 +++ killed by SIGSYS +++
16252 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=16253, si_uid=1000, si_status=SIGSYS, si_utime=1, si_stime=0} ---
16252 write(3, "debug3: user_specific_delay: user specific delay 0.000ms [preauth]\r\n", 68) = 68
16252 read(10, "\0\0\0X", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0Pensure_minimum_time_since: elapsed 8.354ms, delaying 3.904ms (requested 6.129ms)", 88) = 88
16252 write(3, "debug3: ensure_minimum_time_since: elapsed 8.354ms, delaying 3.904ms (requested 6.129ms) [preauth]\r\n", 100) = 100
16252 read(10, "\0\0\0\34", 4)          = 4
16252 read(10, "\0\0\0\7\0\0\0\24send packet: type 52", 28) = 28
16252 write(3, "debug3: send packet: type 52 [preauth]\r\n", 40) = 40
16252 read(10, "\0\0\0)", 4)            = 4
16252 read(10, "\0\0\0\7\0\0\0!mm_request_send entering: type 26", 41) = 41
16252 write(3, "debug3: mm_request_send entering: type 26 [preauth]\r\n", 53) = 53
16252 read(10, "\0\0\0000", 4)          = 4
16252 read(10, "\0\0\0\7\0\0\0(mm_send_keystate: Finished sending state", 48) = 48
16252 write(3, "debug3: mm_send_keystate: Finished sending state [preauth]\r\n", 60) = 60
16252 read(10, "", 4)                   = 0
16252 write(3, "debug1: monitor_read_log: child log fd closed\r\n", 47) = 47
16252 close(10)                         = 0
16252 wait4(16253, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSYS}], 0, NULL) = 16253
16252 write(3, "privsep_preauth: preauth child terminated by signal 31\r\n", 56) = 56


With 

--- sandbox-seccomp-filter.c.org	2018-09-14 10:56:00.557388954 +0200
+++ sandbox-seccomp-filter.c	2018-09-14 11:13:00.051826982 +0200
@@ -166,6 +166,9 @@
 #ifdef __NR_exit_group
 	SC_ALLOW(__NR_exit_group),
 #endif
+#ifdef	__NR_futex
+	SC_ALLOW(__NR_futex),
+#endif
 #ifdef __NR_geteuid
 	SC_ALLOW(__NR_geteuid),
 #endif


entire above test and entire test suite completes with success.

"all tests passed"

Comment 1 Damien Miller 2018-09-15 19:39:09 AEST

Committed - thanks

Comment 2 Damien Miller 2018-10-19 17:17:26 AEDT

Close RESOLVED bugs with the release of openssh-8.0