https://bugzilla.mindrot.org/show_bug.cgi?id=2361
--- Comment #14 from Jakub Jelen <[email protected]> ---

Created attachment 2648
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2648&action=edit
proposed patch - stat and shutdown on ix68

Some further catch ups:

1) stat syscall is not as legacy as expected -- gssapi library issues such syscall even on x86_64 (based on [1]). Proposing to add back also stat to make sure everything works.

2) Socket shutdown is handled by socketcall on i386 linux so we are getting "socket closed" errors instead of correct closing connection. Audit messages:

Jun 16 09:27:51 host audit[11004]: SECCOMP auid=4294967295 uid=74 gid=74 ses=4294967295 subj=system_u:system_r:sshd_net_t:s0-s0:c0.c1023 pid=11004 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000003 syscall=102 compat=0 ip=0xb77d5be8 code=0x0
Jun 16 09:27:51 host sshd[11003]: error: mm_request_receive: socket closed

# ausyscall 102
socketcall

We don't want to allow all the syscalls [2] from socketcall. Best would be to allow only SYS_SHUTDOWN as first argument, but in the current code of the seccomp filter there is no possibility to filter through function arguments. Adding so would require additional complexity, but it would be great to have it the "right way", even if it doesn't matter much during connection close. See the proposed patch with a hand-baked seccomp filter for the first argument check.

I don't see the changes from previous comments in the portable repository, so the patch is not directly applicable (stat part).

Tested on Fedora 22 with openssh-6.8 and after applying this patch, I no longer see SECCOMP messages.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1228323
[2] http://jkukunas.blogspot.cz/2010/05/x86-linux-networking-system-calls.html
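The first-argument check the comment asks for, as an added example written for this page (not the attached patch or OpenSSH's sandbox code): a seccomp-bpf filter for i386 that lets socketcall through only when its first argument is SYS_SHUTDOWN, plus a minimal cBPF evaluator so the verdicts can be checked in userspace before the filter is installed. It assumes Linux UAPI headers and the socketcall number 102 taken from the audit line above; allowing every other syscall is a simplification so the argument check stays in focus.

```c
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/net.h>
#include <linux/seccomp.h>

#define NR_SOCKETCALL_I386 102 /* "# ausyscall 102" -> socketcall, from the audit line */
/* i386 filter: socketcall passes only when args[0] == SYS_SHUTDOWN. Other syscalls are
 * allowed here to keep the focus on the argument check; a real sandbox whitelists them. */
static const struct sock_filter socketcall_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_I386, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),                   /* not i386: kill */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_SOCKETCALL_I386, 0, 3),  /* not socketcall: allow */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])), /* low 32 bits */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_SHUTDOWN, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),                   /* socketcall(other): kill */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof socketcall_filter / sizeof socketcall_filter[0])
/* Tiny cBPF evaluator for the three opcodes used above; fails closed on anything else. */
static unsigned int run_filter(const struct seccomp_data *d)
{
    const unsigned char *mem = (const unsigned char *)d;
    unsigned int acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN;) {
        const struct sock_filter *in = &socketcall_filter[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) { memcpy(&acc, mem + in->k, sizeof acc); pc++; }
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += 1 + (acc == in->k ? in->jt : in->jf);
        else if (in->code == (BPF_RET | BPF_K)) return in->k;
        else break;
    }
    return SECCOMP_RET_KILL;
}
/* Verdict for one syscall given its arch, number and first argument. */
unsigned int decide(unsigned int arch, int nr, unsigned int arg0)
{
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { arg0 } };
    return run_filter(&d);
}

/* Install the filter in the calling process, as a sandboxed child would. */
int install_socketcall_filter(void)
{
    struct sock_fprog prog = { .len = (unsigned short)FILTER_LEN,
                               .filter = (struct sock_filter *)socketcall_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Once installed, a socketcall with any first argument other than SYS_SHUTDOWN is killed with SIGSYS and logged as a SECCOMP audit event like the one quoted in the comment, while shutdown() on the monitor socket proceeds normally.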
