openssh unix dev - Jun 2018 - Is it safe to modify sandbox-seccomp-filter?

Hi openssh-unix-dev,

I'm upgrading the openssh in our system from 6.6 to 7.6. The option
UsePrivilegeSeparation for sshd has been deprecated since 7.5. We used to
set it to yes but it's now sandbox by default.

We are using futex which is not allowed with sandbox. So I have to manually
add the following code change to sandbox-seccomp-filter.c to make it work.
> #ifdef __NR_futex
>         SC_ALLOW(__NR_futex),
> #endif

Will this change cause any security issue?

Thanks,
Wenyi


-- 
Wenyi Cheng

On Mon, 18 Jun 2018, Wenyi Cheng wrote:
> Hi openssh-unix-dev,
> 
> I'm upgrading the openssh in our system from 6.6 to 7.6. The option
> UsePrivilegeSeparation for sshd has been deprecated since 7.5. We used to
> set it to yes but it's now sandbox by default.
> 
> We are using futex which is not allowed with sandbox. So I have to manually
> add the following code change to sandbox-seccomp-filter.c to make it work.
> 
> > #ifdef __NR_futex
> >         SC_ALLOW(__NR_futex),
> > #endif
> 
> 
> Will this change cause any security issue?
For the futex(2) syscall, probably not. 

Barring a kernel bug in the futex implementation itself, I don't think
it likely that it would create a new vulnerability. It could be useful
to an attacker who already has a vulnerability (esp a race condition)
and is struggling to reliably exploit it though.

-d