Processed: Re: Bug#1006445: openssh-server: Killed by seccomp after accepting connection (i386)
Processing control commands: > forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=3396 Bug #1006445 [openssh-server] openssh-server: Killed by seccomp after accepting connection (i386) Bug #1006463 [openssh-server] openssh-server: Can't login on any 32-bit box anymore after the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY" Set Bug forwarded-to-address to 'https://bugzilla.mindrot.org/show_bug.cgi?id=3396'. Set Bug forwarded-to-address to 'https://bugzilla.mindrot.org/show_bug.cgi?id=3396'. -- 1006445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006445 1006463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006463 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1006445: openssh-server: Killed by seccomp after accepting connection (i386)
Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=3396 On Fri, Feb 25, 2022 at 03:50:05PM +, Colin Watson wrote: > On Fri, Feb 25, 2022 at 02:14:58PM +, Paul Brook wrote: > > The attached patch fixes this by adding ppoll_time64 the seccomp sanbox > > filters, > > which seems reasonable as ppoll is already allowed. > > Yeah, this looks reasonable to me too, though for tidiness I'd suggest > moving __NR_ppoll_time64 below __NR_ppoll to match the ordering of > __NR_pselect6 and __NR_pselect6_time64. > > Would you mind sending this upstream to https://bugzilla.mindrot.org/ ? > I can do it for you if you can't, but it's usually best to have fewer > people in the middle of the discussion. Looks like somebody else already filed this at https://bugzilla.mindrot.org/show_bug.cgi?id=3396 with a very similar patch, so no need to send it again. -- Colin Watson (he/him) [cjwat...@debian.org]