https://bugzilla.mindrot.org/show_bug.cgi?id=3478

Damien Miller <d...@mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |d...@mindrot.org

--- Comment #4 from Damien Miller <d...@mindrot.org> ---
Created attachment 3640
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3640&action=edit
safer debugging for seccomp sandbox violations

One thing we could do is make it easier to debug seccomp sandbox
failures. Currently, these require a rebuild of OpenSSH and some
signal-handler unsafe code (though I think its impact is limited to
hung connections).

This tries to make the sandbox violation debugging signal handler safe
and AFAIK safe enough to keep enabled all the time. The only catch is
that it requires stderr attached as every other option (syslog, monitor
log socket) is either unavailable or requires signal handler unsafe
syscalls.

Example (inserting a random setuid() call into sshd.c):

[djm@djm openssh]$ sudo /home/djm/cvs/openssh/sshd -Dep2222 -oPidFile=none -fnone
Server listening on 0.0.0.0 port 2222.
Server listening on :: port 2222.
ssh_sandbox_violation: unexpected system call: arch:0xc000003e syscall:0x69 addr:0x7f9ad54dc405
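
Added example, not the code in attachment 3640 and not OpenSSH's own: a sketch of how a SIGSYS handler can report a seccomp violation on stderr using only async-signal-safe calls, formatting hex by hand instead of calling snprintf(). The names put_str, put_hex, format_violation and sigsys_handler are hypothetical, and the message layout is copied from the sample output in the comment above.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <string.h>
#include <unistd.h>
/* Append src at *pos without overrunning cap; always NUL-terminates. */
static void put_str(char *buf, size_t cap, size_t *pos, const char *src)
{
    while (*src != '\0' && *pos + 1 < cap)
        buf[(*pos)++] = *src++;
    buf[*pos] = '\0';
}
/* Append label, then v as 0x-prefixed hex, without using snprintf(). */
static void put_hex(char *buf, size_t cap, size_t *pos, const char *label,
    unsigned long v)
{
    char tmp[2 * sizeof(v) + 1] = "";
    size_t i = sizeof(tmp) - 1;
    do {
        tmp[--i] = "0123456789abcdef"[v & 0xf];
        v >>= 4;
    } while (v != 0);
    put_str(buf, cap, pos, label);
    put_str(buf, cap, pos, "0x");
    put_str(buf, cap, pos, &tmp[i]);
}
/* Hypothetical helper: build the report line in buf, return its length. */
size_t format_violation(char *buf, size_t cap, unsigned long arch,
    unsigned long nr, unsigned long addr)
{
    size_t pos = 0;
    if (cap == 0) return 0;
    put_hex(buf, cap, &pos,
        "ssh_sandbox_violation: unexpected system call: arch:", arch);
    put_hex(buf, cap, &pos, " syscall:", nr);
    put_hex(buf, cap, &pos, " addr:", addr);
    put_str(buf, cap, &pos, "\n");
    return pos;
}
#ifdef __linux__
/* SIGSYS handler (seccomp SECCOMP_RET_TRAP): only write(2) and _exit(2). */
void sigsys_handler(int sig, siginfo_t *si, void *ctx)
{
    char msg[128];
    size_t n = format_violation(msg, sizeof(msg), si->si_arch,
        (unsigned long)si->si_syscall, (unsigned long)si->si_call_addr);
    ssize_t r = write(STDERR_FILENO, msg, n);
    (void)sig; (void)ctx; (void)r;
    _exit(1);
}
#endif
```

Reading the sample line: arch 0xc000003e is AUDIT_ARCH_X86_64, and syscall 0x69 (105) is setuid on x86_64, which matches the setuid() call inserted for the test.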
