On Mon, Jun 10, 2019 at 07:48:03AM -0700, shankarapailoor .
wrote:> I was looking at the openssh seccomp filter and I was curious why is
> shutdown is allowed in the whitelist?
>
> I've been doing an analysis on the openssh code and the callpaths I
find
> which call shutdown have the form:
>
>
main->do_authenticated->server_loop2->channel_after_select->channel_handler->channel_post_mux_client->read_mux->chan_read_failed->chan_shutdown_read->shutdown
>
> However, isn't do_authenticated handled in the parent process which
isn't
> sandboxed? I might be gravely mistaken here so my apologies if I'm
wrong.
It was originally added here:
https://anongit.mindrot.org/openssh.git/commit/?id=7e5cec6070673e9f9785ffc749837ada22fbe99f
... but then that shutdown call was removed here:
https://anongit.mindrot.org/openssh.git/commit/?id=dc5dc45662773c0f7745c29cf77ae2d52723e55e
... so it does indeed seem possible that it's no longer needed, though I
imagine it'd need some testing.
--
Colin Watson [cjwatson at debian.org]