https://bugzilla.mindrot.org/show_bug.cgi?id=3430
Bug ID: 3430
Summary: 64 bit time and seccomp conflict
Product: Portable OpenSSH
Version: 8.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-b...@mindrot.org
Reporter: alack...@gmail.com
I found that glibc with support for 64-bit time could crash sshd
process with enabled seccomp seccomp. Test environment:
-Kernel 4.14.x
-32 bit ARM CPU
-glibc 2.34
-OpenSSH 8.9p1
-Toolchain: GCC 10
Syscall wrappers like a clock_gettime
(https://github.com/bminor/glibc/blob/glibc-2.34/sysdeps/unix/sysv/linux/clock_gettime.c)
first run syscall dedicated for kernels that support 64 bit time. If
this syscall failed with ENOSYS error, then glibc calls traditional
variant for 32 bit time.
OpenSSH in source code tries to figure which syscalls are supported by
kernel and only supported syscalls are added as an allowed in seccomp
(https://github.com/openssh/openssh-portable/blob/master/sandbox-seccomp-filter.c).
Because kernel 4.14 doesn’t support syscalls for 64 bit time,
__NR_clock_gettime64 is not added as a trusted syscall to seccomp. As a
result OpenSSH process is killed by seccomp every time when it tries to
use clock_gettime from glibc.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
