Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31

To: Bernhard Übelacker <bernhardu@mailbox.org>, 946242@bugs.debian.org
Cc: Ian Jackson <ijackson@chiark.greenend.org.uk>
Subject: Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 11 Jan 2020 13:20:49 +0000
Message-id: <[🔎] 20200111132049.GI3701@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 946242@bugs.debian.org
In-reply-to: <e22a017b-5b8b-ff9d-aaef-7f48bc378bf0@mailbox.org>
References: <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <38fd6854-4efb-6fd6-3055-cc37ea0808af@mailbox.org> <20191207172045.GJ3701@riva.ucam.org> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <e22a017b-5b8b-ff9d-aaef-7f48bc378bf0@mailbox.org> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com>

Ian Jackson (CCed) just ran into this and we debugged it together on
IRC.  This turns out to be a variant of https://bugs.debian.org/941663
that only affects certain architectures, because glibc implements
shmget/shmat/shmdt using the ipc syscall on certain architectures.  For
example, shmget is:

  int
  shmget (key_t key, size_t size, int shmflg)
  {
  #ifdef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
    return INLINE_SYSCALL_CALL (shmget, key, size, shmflg, NULL);
  #else
    return INLINE_SYSCALL_CALL (ipc, IPCOP_shmget, key, size, shmflg, NULL);
  #endif
  }

And:

  sysdeps/unix/sysv/linux/i386/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/kernel-features.h:#define __ASSUME_DIRECT_SYSVIPC_SYSCALLS      1
  sysdeps/unix/sysv/linux/m68k/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/mips/kernel-features.h:# undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/powerpc/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/s390/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/sh/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
  sysdeps/unix/sysv/linux/sparc/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS

I think a fix for this that applies to buster would be:

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index e8f31555e..121760418 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -134,6 +134,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_fstat64
 	SC_DENY(__NR_fstat64, EACCES),
 #endif
+#ifdef __NR_ipc
+	SC_DENY(__NR_ipc, EACCES),
+#endif
 #ifdef __NR_open
 	SC_DENY(__NR_open, EACCES),
 #endif

I have some other things to do this weekend, but I'll chase this up with
upstream and arrange for this to get into appropriate Debian packages.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#733573: ssh: Doesn't use the key from -i when using an agent.
Next by Date: Processed: Bug#946242 marked as pending in openssh
Previous by thread: Bug#733573: ssh: Doesn't use the key from -i when using an agent.
Next by thread: Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31
Index(es):
- Date
- Thread