[Bug 1690485] Re: openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Colin Watson cjwatson at canonical.com
Fri Oct 27 08:35:33 UTC 2017 

OK, so that puts it somewhere inside ssh_packet_send2_wrapped.  Can you
revert my previous patch (patch -p1 -R <sshd-debug.patch, or use git if
you're comfortable with it) and apply this one instead to narrow it down
further?

The configuration difference is certainly suggestive.  You can see the
other configure options in debian/rules, and it would perhaps be worth
trying different combinations of those if you have the time: the
relevant ones are probably --with-kerberos5=/usr, --with-ssl-engine,
--with-selinux, and --with-audit=linux.

** Patch added: "sshd-debug.patch"
   https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+attachment/4997685/+files/sshd-debug.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485

Title:
  openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'

Status in openssh package in Ubuntu:
  New

Bug description:
  The 'sshd' process gets 'authentication failure' and refuses to allow
  any login.

  dmesg indicates that the problem is SIGSYS on a call to 'socket'
  (syscall #41, signal #31).

  On a hunch, I decided to test whether the problem is related to
  'seccomp' and changed /etc/ssh/sshd_config from the default

  # UsePrivilegeSeparation sandbox

  to the former standard value

  UsePrivilegeSeparation yes

  and logins started to work again.

  Obviously, I'd like to have the additional protection that sandboxing
  would give me.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: openssh-server 1:7.4p1-10
  ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
  Uname: Linux 4.10.0-20-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri May 12 21:06:20 2017
  InstallationDate: Installed on 2017-04-08 (35 days ago)
  InstallationMedia:
   
  SourcePackage: openssh
  UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions

More information about the foundations-bugs mailing list