similar to: seccomp filter for dovecot

Displaying 20 results from an estimated 5000 matches similar to: "seccomp filter for dovecot"

2017 Oct 06
0
seccomp filter for dovecot
On 06.10.2017 00:21, Phoenix Krypt wrote: > Hi, > > I would like to contribute to dovecot by adding seccomp system call > filtering. > > Is this something you would like to merge into the dovecot codebase? If so, > I can put up a PR on github once I complete it. > > Thanks, > Archana What would this achieve? Aki
2019 Oct 31
37
[Bug 3085] New: seccomp issue after upgrading openssl
https://bugzilla.mindrot.org/show_bug.cgi?id=3085 Bug ID: 3085 Summary: seccomp issue after upgrading openssl Product: Portable OpenSSH Version: 8.1p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2024 Jun 15
11
[Bug 3702] New: sshd fork crashed when compiled with seccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=3702 Bug ID: 3702 Summary: sshd fork crashed when compiled with seccomp Product: Portable OpenSSH Version: 9.7p1 Hardware: ARM64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at
2019 Jun 30
2
Possibly Missing Syscalls from Seccomp Filter
Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups -
2012 Jul 25
3
seccomp_filter
Can I configure openssh with --sandbox=seccomp_filter and have it still run on older kernels with sandboxing via rlimit? I'm asking from a linux distro packaging point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox? It looks to me as if I can only link in one of the sandbox plugins. An openssh build with seccomp_filter enabled will probably have no sandbox at all on linux <
2015 Feb 11
2
[PATCH] seccomp: allow the getrandom system call.
*SSL libraries or the C library may/will require it. --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index b6f6258..846bc08 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -129,6 +129,9 @@ static const struct sock_filter preauth_insns[] = { #else SC_ALLOW(sigprocmask), #endif
2012 May 18
6
[Bug 2011] New: sandbox selection needs some kind of fallback mechanism
https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2
2022 May 06
9
[Bug 3430] New: 64 bit time and seccomp conflict
https://bugzilla.mindrot.org/show_bug.cgi?id=3430 Bug ID: 3430 Summary: 64 bit time and seccomp conflict Product: Portable OpenSSH Version: 8.9p1 Hardware: ARM OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org
2023 Dec 15
0
[PATCH] Allow MAP_NORESERVE in sandbox seccomp filter maps
While debugging Scudo on ChromeOS, we found that the no reserve mode immediately crashed `sshd`. We tracked it down to the sandbox-seccomp-filter. Being able to mmap with MAP_NORESERVE is useful (if not necessary) for some overcommitting allocators. During mmap calls, the flag MAP_NORESERVE is used by some allocators such as LLVM's Scudo for layout optimisation. This causes the sandbox
2015 Mar 05
31
[Bug 2361] New: seccomp filter (not only) for aarch64
https://bugzilla.mindrot.org/show_bug.cgi?id=2361 Bug ID: 2361 Summary: seccomp filter (not only) for aarch64 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2015 Feb 25
2
[openssh with openssl cryptodev engine] sshd killed by seccomp filter
Hello I have a server with an hardware crypto accelator. For giving userspace access to it I use the cryptodev module (http://cryptodev-linux.org/) I have also the cryptodev engine compiled in openssl. When I modprobe the cryptodev module, I cannot login with ssh on the server. The symptom can be found with dmesg: audit: type=1326 audit(1424784807.257:3): auid=4294967295 uid=22 gid=22
2015 Jun 29
3
[Bug 2419] New: SECCOMP filter does not accept getpgid syscall
https://bugzilla.mindrot.org/show_bug.cgi?id=2419 Bug ID: 2419 Summary: SECCOMP filter does not accept getpgid syscall Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2007 Dec 06
4
prio qdisc not wokring
Hi, I am working on linux 2.6.16.I tried to prioritize traffic using prio module but its not working well.It always maps to same class irrespective of ToS.Is it possible to fix it using filters?Anybody fixed this problem? -- Regards Archana Rajagopal _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
2017 Apr 24
2
seccomp filter for ppc64le in FIPS mode
Hello all, OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys in privsep child. The socket() syscall is already denied in the seccomp filter, but in ppc64le kernel, it is implemented using socketcall() syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and therefore fails hard. See attached patch with proposed patch (deny is intentionally after allowing the
2013 Aug 12
16
[Bug 2142] New: openssh sandboxing using libseccomp
https://bugzilla.mindrot.org/show_bug.cgi?id=2142 Bug ID: 2142 Summary: openssh sandboxing using libseccomp Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at
2016 Jun 17
14
[Bug 2590] New: Seccomp filter for missing architectures
https://bugzilla.mindrot.org/show_bug.cgi?id=2590 Bug ID: 2590 Summary: Seccomp filter for missing architectures Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd
2009 Jul 22
1
Problem with "merge" command duplicating values
Hello, I am attempting to merge 8 different data sets into a "grand merge" data set; all their variable names are common except for the the gas measured. However, when I did a quick stat summary comparison of merged data with unmerged data, it turned out that R mysteriously duplicated thousands of values in the merged set and I have no idea why. I've not had this problem with merge
2013 Feb 05
5
[Bug 2011] sandbox selection needs some kind of fallback mechanism
https://bugzilla.mindrot.org/show_bug.cgi?id=2011 --- Comment #8 from Petr Lautrbach <plautrba at redhat.com> --- Created attachment 2214 --> https://bugzilla.mindrot.org/attachment.cgi?id=2214&action=edit don't probe seccomp capability of running kernel in configure I'd like to add also possibility to build seccomp_filter sandbox on system with older kernel, E.g. Fedora
2017 Mar 14
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
I've committed this diff. Please test and confirm that it works ok. (If not, then I've botched the macro fixes in the previous commit) Thanks, Damien Miller On Tue, 14 Mar 2017, Damien Miller wrote: > ok, with the fixes for the seccomp-bpf sandbox that I just committed > the diff reduces to. > > IMO this is scoped narrowly enough to go in. > > -d > > diff
2017 Feb 13
2
[PATCH] Enable specific ioctl calls for ICA crypto card (s390)
This patch enables specific ioctl calls for ICA crypto card on s390 platform. Without this patch, users using the IBMCA engine are not able to perform ssh login as the filter blocks the communication with the crypto card. Signed-off-by: Harald Freudenberger <freude at linux.vnet.ibm.com> Signed-off-by: Eduardo Barretto <ebarretto at linux.vnet.ibm.com> --- sandbox-seccomp-filter.c |