https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #31 from JM ---
Created attachment 3780
--> https://bugzilla.mindrot.org/attachment.cgi?id=3780=edit
bpf-filters-dumped.txt
printing the BPF filters at runtime
--
You are receiving this mail because:
You are watching someone on
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #30 from JM ---
Created attachment 3779
--> https://bugzilla.mindrot.org/attachment.cgi?id=3779=edit
gdp-output.txt
gdb output before the errorring call to getpid
--
You are receiving this mail because:
You are watching someone
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #29 from JM ---
> Also, if you can catch the sandbox-violation in gdb, getting a disassembly of
> instructions around the violation would be instructive.
tl;dr reviewing disassembly of a `getpid` call that violates the
sandbox shows
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #28 from JM ---
> I'd like to reproduce this locally. Could you please attach /etc/os-release
> and the output of "dpkg -l" from the affected device?
Attached in `RPi4-dpkg-l.txt` and `RPi4.info`.
> Also, if you can catch the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #27 from Damien Miller ---
Could you please provide this information so we can try to replicate it
ourselves:
(In reply to Darren Tucker from comment #11)
> I'd like to reproduce this locally. Could you please attach
>
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #26 from JM ---
tl;dr a seccomp sandbox violation `20` occurs from a `read` (still).
This is just a more detailed retelling of what was previously
discussed.
Scroll to end for thoughts...
### problem specifics
Failed
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #25 from Damien Miller ---
ok, so now I have no idea what is going wrong. Maybe there is something
in OpenSSH's compile flags that is messing this up.
Could you add try adding a similar printf+getpid+exit sequence to (say)
the start
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #24 from JM ---
> Could you try building and running this program. E.g.
>
> $ cc -o syscall syscall.c
> $ ./syscall
> $ strace -n ./syscall
Raspberry Pi 4 (RPi4), aarch64, Raspbian-Debian 11, (openssh 9.5p1
client thread aborts):
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #23 from Damien Miller ---
i.e. run it on a platform that works and the one that doesn't
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #22 from Damien Miller ---
Created attachment 3774
--> https://bugzilla.mindrot.org/attachment.cgi?id=3774=edit
syscall dumper
Could you try building and running this program. E.g.
$ cc -o syscall syscall.c
$ ./syscall
$ strace
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #21 from JM ---
A little more info about `__NR_getpid` and `__NR_epoll_create1` (not
sure if this is relevant but in case you were curious)
On RPi4 (has aborts)
$ grep -r -Ee '__NR_getpid|__NR_epoll_create1' -- /usr/include/
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #20 from JM ---
Created attachment 3773
--> https://bugzilla.mindrot.org/attachment.cgi?id=3773=edit
NanoPi-dpkg-l.txt
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #19 from JM ---
Created attachment 3772
--> https://bugzilla.mindrot.org/attachment.cgi?id=3772=edit
RPi4.info
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #18 from JM ---
Created attachment 3771
--> https://bugzilla.mindrot.org/attachment.cgi?id=3771=edit
RPi3.info
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #17 from JM ---
Created attachment 3770
--> https://bugzilla.mindrot.org/attachment.cgi?id=3770=edit
NanoPi_NEO3.info
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #16 from JM ---
Created attachment 3769
--> https://bugzilla.mindrot.org/attachment.cgi?id=3769=edit
RPi3-dpkg-l.txt
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #15 from JM ---
Created attachment 3768
--> https://bugzilla.mindrot.org/attachment.cgi?id=3768=edit
RPi4-dpkg-l.txt
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #14 from JM ---
Created attachment 3767
--> https://bugzilla.mindrot.org/attachment.cgi?id=3767=edit
config-9.2p1.h
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #13 from JM ---
Created attachment 3766
--> https://bugzilla.mindrot.org/attachment.cgi?id=3766=edit
config-9.1p1.h
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #12 from JM ---
tl;dr compiles and runs okay on a Raspberry Pi3 and NanoPi NEO3 running
similar OS
For comparison, I've included three similar, not the same, platforms:
- Raspberry Pi 4 (RPi4) (aarch64) (Raspbian) on which this bug
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #11 from Darren Tucker ---
I'd like to reproduce this locally. Could you please attach
/etc/os-release and the output of "dpkg -l" from the affected device?
--
You are receiving this mail because:
You are watching someone on the CC
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #10 from Darren Tucker ---
(In reply to Damien Miller from comment #9)
> It's likely that something is trying to use the epoll(3) API.
> OpenSSH itself doesn't use epoll, so it's likely to be something in
> libc, libcrypto or another
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #9 from Damien Miller ---
hmm, it looks like I might have been wrong with the syscall number:
> [djm@djm linux]$ grep ' 20$' include/uapi/asm-generic/unistd.h
> #define __NR_epoll_create1 20
It's likely that something is trying to
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #8 from Darren Tucker ---
Created attachment 3765
--> https://bugzilla.mindrot.org/attachment.cgi?id=3765=edit
config.h from 9.2p1 working on rpi4
here's the configure output and config.h from my working system for
comparison.
--
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #7 from Darren Tucker ---
Created attachment 3764
--> https://bugzilla.mindrot.org/attachment.cgi?id=3764=edit
configure output from 9.2p1 working on rpi4
--
You are receiving this mail because:
You are watching the assignee of
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #6 from Darren Tucker ---
JM: what compiler are you using?
Another thing that might be interesting is to compare config.h and the
output of configure from 9.1p1 with those of 9.2p1 and see if anything
unexpectedly changed.
--
You
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #5 from Darren Tucker ---
(In reply to Damien Miller from comment #4)
> This is the details of the sandbox violation:
>
> > ssh_sandbox_violation: unexpected system call (arch:0x4028,syscall:20 @
> > 0xf7ba380c
>
> syscall 20
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Damien Miller changed:
What|Removed |Added
CC||d...@mindrot.org
--- Comment #4 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
JM changed:
What|Removed |Added
Summary|server thread aborts during |server thread aborts during
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #3 from JM ---
Created attachment 3763
--> https://bugzilla.mindrot.org/attachment.cgi?id=3763=edit
full formatted output of prctl(PR_SET_SECCOMP, ...)
--
You are receiving this mail because:
You are watching the assignee of the
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
--- Comment #2 from JM ---
tl;dr `strace` reveals error
`"\0\0\0c\0\0\0\1\0\0\0\0\0\0\0Wssh_sandbox_violation: unexpected
system call (arch:0x4028,syscall:20 @ 0xf7ba380c)"`
in response to a very large `prctl` Linux function call. (skip to
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Darren Tucker changed:
What|Removed |Added
CC||dtuc...@dtucker.net
--- Comment #1 from
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
JM changed:
What|Removed |Added
CC||jtm.moon.forum.user+mindrot
|
33 matches
Mail list logo
