[Bug 1690485] Re: openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'
Colin Watson
cjwatson at canonical.com
Sun Oct 29 21:59:10 UTC 2017
This looks very weird. If it's calling EVP_Cipher, that should go
through OpenSSL; it's conceivable that it might end up in libkeyutils
via the Kerberos libraries, sure, but a simple cipher call should
already have everything it needs; and libkeyutils doesn't use D-Bus.
Could you attach /lib/x86_64-linux-gnu/tls/libkeyutils.so.1 so that I
can see if I can make anything out of the offsets in your perf output?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1690485
Title:
openssh-server SIGSYS with 'UsePrivilegeSeparation sandbox'
Status in openssh package in Ubuntu:
New
Bug description:
The 'sshd' process gets 'authentication failure' and refuses to allow
any login.
dmesg indicates that the problem is SIGSYS on a call to 'socket'
(syscall #41, signal #31).
On a hunch, I decided to test whether the problem is related to
'seccomp' and changed /etc/ssh/sshd_config from the default
# UsePrivilegeSeparation sandbox
to the former standard value
UsePrivilegeSeparation yes
and logins started to work again.
Obviously, I'd like to have the additional protection that sandboxing
would give me.
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: openssh-server 1:7.4p1-10
ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
Uname: Linux 4.10.0-20-generic x86_64
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri May 12 21:06:20 2017
InstallationDate: Installed on 2017-04-08 (35 days ago)
InstallationMedia:
SourcePackage: openssh
UpgradeStatus: Upgraded to zesty on 2017-04-24 (19 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1690485/+subscriptions
More information about the foundations-bugs
mailing list