Displaying 14 results from an estimated 14 matches for "seccomp_filter".
2012 Jul 25
3
seccomp_filter
Can I configure openssh with --sandbox=seccomp_filter and have it still run
on older kernels with sandboxing via rlimit? I'm asking from a linux
distro packaging
point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox?
It looks to
me as if I can only link in one of the sandbox plugins.
An openssh build with seccomp_filter enabled wil...
2012 May 18
1
[Bug 2010] New: bashism in configure seccomp_filter check
https://bugzilla.mindrot.org/show_bug.cgi?id=2010
Bug #: 2010
Summary: bashism in configure seccomp_filter check
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: unassigned-bugs at m...
2015 Aug 11
0
[Bug 2010] bashism in configure seccomp_filter check
https://bugzilla.mindrot.org/show_bug.cgi?id=2010
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2012 May 18
6
[Bug 2011] New: sandbox selection needs some kind of fallback mechanism
...Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cjwatson at debian.org
At the moment, sandbox selection is done entirely at configure time,
and you get to pick exactly one. The seccomp_filter sandbox, at least,
probes the capabilities of the running kernel in configure.
This sort of approach is straightforward, but doesn't work well for
those of us distributing OpenSSH binaries that are likely to be run on
a different kernel version than is running on our build systems. For
exampl...
2017 Oct 05
2
seccomp filter for dovecot
Hi,
I would like to contribute to dovecot by adding seccomp system call
filtering.
Is this something you would like to merge into the dovecot codebase? If so,
I can put up a PR on github once I complete it.
Thanks,
Archana
2013 Feb 05
5
[Bug 2011] sandbox selection needs some kind of fallback mechanism
...ug.cgi?id=2011
--- Comment #8 from Petr Lautrbach <plautrba at redhat.com> ---
Created attachment 2214
--> https://bugzilla.mindrot.org/attachment.cgi?id=2214&action=edit
don't probe seccomp capability of running kernel in configure
I'd like to add also possibility to build seccomp_filter sandbox on
system with older kernel, E.g. Fedora build systems use buildroots with
needed sources and headers, but system is run with older kernels.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
2016 Jul 14
2
Error when compiling openssh-7.2p2
...Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-unknown-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized
-Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -...
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085
Bug ID: 3085
Summary: seccomp issue after upgrading openssl
Product: Portable OpenSSH
Version: 8.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2015 Feb 09
3
Connection stalls at debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
...pport: no
Solaris process contract support: no
Solaris project support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-unknown-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized
-Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memse...
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
Bug ID: 2142
Summary: openssh sandboxing using libseccomp
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
...tract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source:
Privsep sandbox style: seccomp_filter
Host: x86_64-pc-linux-gnu
Compiler: /usr/bin/gcc-8
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -mfunction-return=thunk -min...
2018 Aug 10
10
Call for testing: OpenSSH 7.8
Hi,
OpenSSH 7.8p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2015 Feb 19
34
Call for testing: OpenSSH 6.8
Hi,
OpenSSH 6.8 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains
some substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is