Mailing List Archive

[Bug 2011] sandbox selection needs some kind of fallback mechanism
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #1 from Colin Watson <cjwatson@debian.org> 2012-05-19 00:45:42 EST ---
Created attachment 2154
--> https://bugzilla.mindrot.org/attachment.cgi?id=2154
strawman patch for sandbox fallback

Perhaps something along these general lines? I haven't quite got
seccomp_filter working for me with this patch yet; the probing
subprocess gets SIGSYS rather than doing anything more useful.
However, that might be something to do with running 32-bit userspace on
a 64-bit kernel, and it does at least manage to fall back to the rlimit
sandbox.

I'd welcome comments on the general approach, anyway.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2011] sandbox selection needs some kind of fallback mechanism [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #2 from Colin Watson <cjwatson@debian.org> 2012-05-19 03:40:45 EST ---
Created attachment 2155
--> https://bugzilla.mindrot.org/attachment.cgi?id=2155
fixed strawman patch

Kees Cook set me straight; I was configuring with the wrong --build so
it was getting killed by the architecture check (due to my 32-on-64
setup). This version actually works for me.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2011] sandbox selection needs some kind of fallback mechanism [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

Kees Cook <kees@outflux.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |kees@outflux.net

--- Comment #3 from Kees Cook <kees@outflux.net> 2012-05-19 05:52:01 EST ---
FWIW, this looks good to me. I prefer the idea of this being runtime
detected over configure-time detected.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2011] sandbox selection needs some kind of fallback mechanism [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #4 from Damien Miller <djm@mindrot.org> 2012-06-01 10:40:30 EST ---
Created attachment 2160
--> https://bugzilla.mindrot.org/attachment.cgi?id=2160
seccomp-fallback.diff

fallback to rlimit in seccomp sandbox

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2011] sandbox selection needs some kind of fallback mechanism [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #5 from Damien Miller <djm@mindrot.org> 2012-06-01 10:42:05 EST ---
I think the proposed patch is a little over-complicated. The only
viable fallback path at the moment is to the rlimit pseudo-sandbox, so
let's allow that without fatal() for the seccomp case. Attachment #2160
implements this.

I'm happy to revisit this if we ever have a deeper stack of candidate
sandboxes for a platform.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2011] sandbox selection needs some kind of fallback mechanism [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=2011

--- Comment #6 from Darren Tucker <dtucker@zip.com.au> 2012-06-01 10:52:04 EST ---
Comment on attachment 2160
--> https://bugzilla.mindrot.org/attachment.cgi?id=2160
seccomp-fallback.diff

seems reasonable, although I'd make the verbose() calls into debug3s,
since otherwise it'll spam logs.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs