https://bugzilla.mindrot.org/show_bug.cgi?id=3478
Damien Miller <d...@mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |d...@mindrot.org --- Comment #4 from Damien Miller <d...@mindrot.org> --- Created attachment 3640 --> https://bugzilla.mindrot.org/attachment.cgi?id=3640&action=edit safer debugging for seccomp sandbox violations One thing we could do it make it easier to debug seccomp sandbox failures. Currently, these require a rebuild of OpenSSH and some signal-handler unsafe code (though I think its impact is limited to hung connections). This tries to make the sandbox violation debugging signal handler safe and AFAIK safe enough to keep enabled all the time. The only catch is that it requires stderr attached as every other option (syslog, monitor log socket) is either unavailable or requires signal handler unsafe syscalls. Example (inserting a random setuid() call into sshd.c): [djm@djm openssh]$ sudo /home/djm/cvs/openssh/sshd -Dep2222 -oPidFile=none -fnone Server listening on 0.0.0.0 port 2222. Server listening on :: port 2222. ssh_sandbox_violation: unexpected system call: arch:0xc000003e syscall:0x69 addr:0x7f9ad54dc405 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs