Debian Bug report logs - #1006445
openssh-server: Killed by seccomp after accepting connection (i386)
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#1006445; Package openssh-server.
(Fri, 25 Feb 2022 15:03:04 GMT)
Acknowledgement sent
to Paul Brook <paul@nowt.org>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Fri, 25 Feb 2022 15:03:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: openssh-server
Version: 1:8.9p1-2.1
Severity: important
Tags: patch
Dear Maintainer,
After accepting an ssh connection, the sshd process is killed and I see
the following in dmesg:
audit: type=1326 audit(1645794361.669:40): auid=0 uid=100 gid=65534 ses=1 subj==unconfined pid=8338 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7ee3559 code=0x0
Syscall 414 is ppoll_time64, so I'm guessing this is fallout from
ongoing 2038 fixes.
The attached patch fixes this by adding ppoll_time64 to the seccomp sandbox filters,
which seems reasonable as ppoll is already allowed.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 5.16.0-2-686-pae (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.79
ii dpkg 1.21.1
ii init-system-helpers 1.62
ii libaudit1 1:3.0.7-1
ii libc6 2.33-7
ii libcom-err2 1.46.5-2
ii libcrypt1 1:4.4.27-1.1
ii libgssapi-krb5-2 1.19.2-2
ii libkrb5-3 1.19.2-2
ii libpam-modules 1.4.0-11
ii libpam-runtime 1.4.0-11
ii libpam0g 1.4.0-11
ii libselinux1 3.3-1+b1
ii libssl1.1 1.1.1m-1
ii libsystemd0 250.3-2
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii openssh-client 1:8.9p1-2.1
ii openssh-sftp-server 1:8.9p1-2
ii procps 2:3.3.17-6
ii runit-helper 2.10.3
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 250.3-2
pn ncurses-term <none>
ii xauth 1:1.1-1
Versions of packages openssh-server suggests:
ii molly-guard 0.7.2
pn monkeysphere <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
ssh/insecure_telnetd:
ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true
ssh/new_config: true
ssh/insecure_rshd:
* openssh-server/permit-root-login: true
ssh/disable_cr_auth: false
openssh-server/password-authentication: false
ssh/encrypted_host_key_but_no_keygen:
[patch (text/plain, attachment)]
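The kernel audit record quoted in the report can be decoded mechanically. The following is an added example, not part of the original report or of OpenSSH: it parses a type=1326 (seccomp) record and names the architecture, the blocked syscall and the filter action. The lookup tables are small constructed subsets of the Linux constants, and the function and variable names are hypothetical.

```python
import re

# Subsets of Linux constants, just enough for the record in this report.
AUDIT_ARCH = {0x40000003: "i386", 0x40000028: "arm", 0xC000003E: "x86_64"}
ARCH_64BIT = 0x80000000  # __AUDIT_ARCH_64BIT flag in the arch field
# time64 syscalls (Linux 5.1+) use the same numbers on every 32-bit architecture.
TIME64 = {413: "pselect6_time64", 414: "ppoll_time64", 422: "futex_time64"}
I386_LEGACY = {240: "futex", 308: "pselect6", 309: "ppoll"}
ACTIONS = {0x0: "SECCOMP_RET_KILL_THREAD", 0x80000000: "SECCOMP_RET_KILL_PROCESS",
           0x30000: "SECCOMP_RET_TRAP"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# The audit record quoted in the report above.
RECORD = ('audit: type=1326 audit(1645794361.669:40): auid=0 uid=100 gid=65534 '
          'ses=1 subj==unconfined pid=8338 comm="sshd" exe="/usr/sbin/sshd" '
          'sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7ee3559 code=0x0')


def decode_seccomp_record(line):
    """Decode an AUDIT_SECCOMP (type=1326) record; return None for other lines."""
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if f.get("type") != "1326":
        return None
    arch, nr = int(f["arch"], 16), int(f["syscall"])
    name = None
    if not arch & ARCH_64BIT:
        name = TIME64.get(nr)
    if name is None and arch == 0x40000003:
        name = I386_LEGACY.get(nr)
    name = name or f"unknown({nr})"
    hint = None
    if name.endswith("_time64"):
        # A 32-bit libc may issue the *_time64 variant for the same library
        # call, so a filter that lists only the legacy name kills the process.
        hint = f"allow {name} wherever {name[:-len('_time64')]} is allowed"
    return {
        "comm": f.get("comm"),
        "arch": AUDIT_ARCH.get(arch, hex(arch)),
        "syscall": name,
        "signal": "SIGSYS" if f.get("sig") == "31" else f.get("sig"),
        "action": ACTIONS.get(int(f["code"], 16), f["code"]),
        "hint": hint,
    }


if __name__ == "__main__":
    for key, value in decode_seccomp_record(RECORD).items():
        print(f"{key:8} {value}")
```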
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#1006445; Package openssh-server.
(Fri, 25 Feb 2022 15:54:03 GMT)
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Fri, 25 Feb 2022 15:54:03 GMT)
Message #10 received at 1006445@bugs.debian.org:
On Fri, Feb 25, 2022 at 02:14:58PM +0000, Paul Brook wrote:
> After accepting an ssh connection, the sshd process is killed and I see
> the following in dmesg:
>
> audit: type=1326 audit(1645794361.669:40): auid=0 uid=100 gid=65534 ses=1 subj==unconfined pid=8338 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7ee3559 code=0x0
>
> Syscall 414 is ppoll_time64, so I'm guessing this is fallout from
> ongoing 2038 fixes.
More likely fallout from the move from select()/pselect() to
poll()/ppoll() in 8.9. I suspect this affects most 32-bit Linux
architectures.
> The attached patch fixes this by adding ppoll_time64 to the seccomp sandbox filters,
> which seems reasonable as ppoll is already allowed.
Yeah, this looks reasonable to me too, though for tidiness I'd suggest
moving __NR_ppoll_time64 below __NR_ppoll to match the ordering of
__NR_pselect6 and __NR_pselect6_time64.
Would you mind sending this upstream to https://bugzilla.mindrot.org/ ?
I can do it for you if you can't, but it's usually best to have fewer
people in the middle of the discussion.
--
Colin Watson (he/him) [cjwatson@debian.org]
Severity set to 'grave' from 'important'
Request was from Colin Watson <cjwatson@debian.org>
to 1006463-submit@bugs.debian.org.
(Fri, 25 Feb 2022 22:30:08 GMT)
Marked as found in versions openssh/1:8.9p1-2.
Request was from Colin Watson <cjwatson@debian.org>
to 1006463-submit@bugs.debian.org.
(Fri, 25 Feb 2022 22:30:09 GMT)
Merged 1006445 1006463
Request was from Colin Watson <cjwatson@debian.org>
to 1006463-submit@bugs.debian.org.
(Fri, 25 Feb 2022 22:30:10 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#1006445; Package openssh-server.
(Fri, 25 Feb 2022 23:33:03 GMT)
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Fri, 25 Feb 2022 23:33:03 GMT)
Message #21 received at 1006445@bugs.debian.org:
Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=3396
On Fri, Feb 25, 2022 at 03:50:05PM +0000, Colin Watson wrote:
> On Fri, Feb 25, 2022 at 02:14:58PM +0000, Paul Brook wrote:
> > The attached patch fixes this by adding ppoll_time64 to the seccomp sandbox filters,
> > which seems reasonable as ppoll is already allowed.
>
> Yeah, this looks reasonable to me too, though for tidiness I'd suggest
> moving __NR_ppoll_time64 below __NR_ppoll to match the ordering of
> __NR_pselect6 and __NR_pselect6_time64.
>
> Would you mind sending this upstream to https://bugzilla.mindrot.org/ ?
> I can do it for you if you can't, but it's usually best to have fewer
> people in the middle of the discussion.
Looks like somebody else already filed this at
https://bugzilla.mindrot.org/show_bug.cgi?id=3396 with a very similar
patch, so no need to send it again.
--
Colin Watson (he/him) [cjwatson@debian.org]
Message sent on
to Paul Brook <paul@nowt.org>:
Bug#1006445.
(Fri, 25 Feb 2022 23:33:05 GMT)
Message #26 received at 1006445-submitter@bugs.debian.org:
Control: tag -1 pending
Hello,
Bug #1006445 in openssh reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/ssh-team/openssh/-/commit/62765c0d4297dae75c91aa1d3191df3e3a1b5893
------------------------------------------------------------------------
Allow ppoll_time64 in seccomp filter
Closes: #1006445
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/1006445
Added tag(s) pending.
Request was from Colin Watson <cjwatson@debian.org>
to 1006445-submitter@bugs.debian.org.
(Fri, 25 Feb 2022 23:33:05 GMT)
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Fri, 25 Feb 2022 23:51:03 GMT)
Notification sent
to Paul Brook <paul@nowt.org>:
Bug acknowledged by developer.
(Fri, 25 Feb 2022 23:51:03 GMT)
Message #33 received at 1006445-close@bugs.debian.org:
Source: openssh
Source-Version: 1:8.9p1-3
Done: Colin Watson <cjwatson@debian.org>
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1006445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Feb 2022 23:30:49 +0000
Source: openssh
Architecture: source
Version: 1:8.9p1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1006445
Changes:
openssh (1:8.9p1-3) unstable; urgency=medium
.
* Allow ppoll_time64 in seccomp filter (closes: #1006445).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Fri, 25 Feb 2022 23:51:04 GMT)
Notification sent
to Axel Beckert <abe@debian.org>:
Bug acknowledged by developer.
(Fri, 25 Feb 2022 23:51:04 GMT)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 26 Mar 2022 07:26:44 GMT)
Last modified: Sat Mar 25 18:20:35 2023