On Mon, Jun 10, 2019 at 07:48:03AM -0700, shankarapailoor . wrote: > I was looking at the openssh seccomp filter and I was curious why is > shutdown is allowed in the whitelist? > > I've been doing an analysis on the openssh code and the callpaths I find > which call shutdown have the form: > > main->do_authenticated->server_loop2->channel_after_select->channel_handler->channel_post_mux_client->read_mux->chan_read_failed->chan_shutdown_read->shutdown > > However, isn't do_authenticated handled in the parent process which isn't > sandboxed? I might be gravely mistaken here so my apologies if I'm wrong. It was originally added here: https://anongit.mindrot.org/openssh.git/commit/?id=7e5cec6070673e9f9785ffc749837ada22fbe99f ... but then that shutdown call was removed here: https://anongit.mindrot.org/openssh.git/commit/?id=dc5dc45662773c0f7745c29cf77ae2d52723e55e ... so it does indeed seem possible that it's no longer needed, though I imagine it'd need some testing. -- Colin Watson [cjwatson@xxxxxxxxxx] _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
