Displaying 20 results from an estimated 700 matches similar to: "[Bug 3085] New: seccomp issue after upgrading openssl"
2024 Jun 15
11
[Bug 3702] New: sshd fork crashed when compiled with seccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=3702
Bug ID: 3702
Summary: sshd fork crashed when compiled with seccomp
Product: Portable OpenSSH
Version: 9.7p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2016 Jun 17
14
[Bug 2590] New: Seccomp filter for missing architectures
https://bugzilla.mindrot.org/show_bug.cgi?id=2590
Bug ID: 2590
Summary: Seccomp filter for missing architectures
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
2019 Oct 09
52
[Bug 3079] New: Tracking bug for 8.2 release
https://bugzilla.mindrot.org/show_bug.cgi?id=3079
Bug ID: 3079
Summary: Tracking bug for 8.2 release
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Keywords: meta
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2020 May 08
79
[Bug 3162] New: Tracking bug for 8.4 release
https://bugzilla.mindrot.org/show_bug.cgi?id=3162
Bug ID: 3162
Summary: Tracking bug for 8.4 release
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Keywords: meta
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2017 May 09
5
[PATCH 0/3] Allow syscalls for openssl engines
This patchset allow syscalls (flock, ipc, getuid, geteuid and ioctl), so
openssl engines, e.g. OpenSSL-ibmca and OpenSSL-ibmpkcs11, can work and
communicate with the crypto cards during ssh login.
1. The flock and ipc are allowed only for s390 architecture. They are needed
for openCryptoki project (PKCS#11 implementation), as the ibmpkcs11 engine
makes use of openCryptoki.
For more information,
2017 Mar 14
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
I've committed this diff. Please test and confirm that it works ok.
(If not, then I've botched the macro fixes in the previous commit)
Thanks,
Damien Miller
On Tue, 14 Mar 2017, Damien Miller wrote:
> ok, with the fixes for the seccomp-bpf sandbox that I just committed
> the diff reduces to.
>
> IMO this is scoped narrowly enough to go in.
>
> -d
>
> diff
2017 Feb 13
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
This patch enables specific ioctl calls for ICA crypto card on s390
platform. Without this patch, users using the IBMCA engine are not able
to perform ssh login as the filter blocks the communication with the
crypto card.
Signed-off-by: Harald Freudenberger <freude at linux.vnet.ibm.com>
Signed-off-by: Eduardo Barretto <ebarretto at linux.vnet.ibm.com>
---
sandbox-seccomp-filter.c |
2017 Mar 03
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
On 03-03-2017 09:54, Petr Cerny wrote:
> Damien Miller wrote:
>> On Tue, 28 Feb 2017, Eduardo Barretto wrote:
>>
>>> On 13-02-2017 13:23, Eduardo Barretto wrote:
>>> > This patch enables specific ioctl calls for ICA crypto card on s390
>>> > platform. Without this patch, users using the IBMCA engine are not
>>> able
>>> > to
2017 Mar 02
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
On Tue, 28 Feb 2017, Eduardo Barretto wrote:
> On 13-02-2017 13:23, Eduardo Barretto wrote:
> > This patch enables specific ioctl calls for ICA crypto card on s390
> > platform. Without this patch, users using the IBMCA engine are not able
> > to perform ssh login as the filter blocks the communication with the
> > crypto card.
> >
> > Signed-off-by: Harald
2022 May 06
9
[Bug 3430] New: 64 bit time and seccomp conflict
https://bugzilla.mindrot.org/show_bug.cgi?id=3430
Bug ID: 3430
Summary: 64 bit time and seccomp conflict
Product: Portable OpenSSH
Version: 8.9p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2013 Feb 07
6
[Bug 2069] New: arm support for sandbox_seccomp_filter
https://bugzilla.mindrot.org/show_bug.cgi?id=2069
Bug ID: 2069
Summary: arm support for sandbox_seccomp_filter
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
2012 Apr 03
1
"Failed to create rounding.h!" during make
Hello All,
I'm attempting to compile rsync on Solaris 10 x86 to include atime
support.
I've managed to patch the source, and install gcc and the necessary other
packages necessary to get as far as ./configure successfully (I'm afraid
I'm more of a linux than a solaris guy).
I'm unable to "make" the Makefile. Did some STFW'ing and have found
several variations
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
*SSL libraries or the C library may/will require it.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index b6f6258..846bc08 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = {
#else
SC_ALLOW(sigprocmask),
#endif
2012 Jul 25
3
seccomp_filter
Can I configure openssh with --sandbox=seccomp_filter and have it still run
on older kernels with sandboxing via rlimit? I'm asking from a linux
distro packaging
point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox?
It looks to
me as if I can only link in one of the sandbox plugins.
An openssh build with seccomp_filter enabled will probably have no sandbox
at all on linux <
2013 Feb 05
5
[Bug 2011] sandbox selection needs some kind of fallback mechanism
https://bugzilla.mindrot.org/show_bug.cgi?id=2011
--- Comment #8 from Petr Lautrbach <plautrba at redhat.com> ---
Created attachment 2214
--> https://bugzilla.mindrot.org/attachment.cgi?id=2214&action=edit
don't probe seccomp capability of running kernel in configure
I'd like to add also possibility to build seccomp_filter sandbox on
system with older kernel, E.g. Fedora
2017 Oct 05
2
seccomp filter for dovecot
Hi,
I would like to contribute to dovecot by adding seccomp system call
filtering.
Is this something you would like to merge into the dovecot codebase? If so,
I can put up a PR on github once I complete it.
Thanks,
Archana
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
Bug ID: 2142
Summary: openssh sandboxing using libseccomp
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2019 Jun 30
2
Possibly Missing Syscalls from Seccomp Filter
Hi!
I'm investigating the seccomp filter in openssh and I wanted to know
whether the following system calls should be added to the filter:
1. getgroups
-
do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups
2. setgroups
-
2012 May 18
6
[Bug 2011] New: sandbox selection needs some kind of fallback mechanism
https://bugzilla.mindrot.org/show_bug.cgi?id=2011
Bug #: 2011
Summary: sandbox selection needs some kind of fallback
mechanism
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
2023 Mar 10
3
Call for testing: OpenSSH 9.3
Hi,
OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at