Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31
- To: Bernhard Übelacker <bernhardu@mailbox.org>, 946242@bugs.debian.org
- Cc: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Subject: Bug#946242: fatal: privsep_preauth: preauth child terminated by signal 31
- From: Colin Watson <cjwatson@debian.org>
- Date: Sat, 11 Jan 2020 13:20:49 +0000
- Message-id: <[🔎] 20200111132049.GI3701@riva.ucam.org>
- Reply-to: Colin Watson <cjwatson@debian.org>, 946242@bugs.debian.org
- In-reply-to: <e22a017b-5b8b-ff9d-aaef-7f48bc378bf0@mailbox.org>
- References: <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <38fd6854-4efb-6fd6-3055-cc37ea0808af@mailbox.org> <20191207172045.GJ3701@riva.ucam.org> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com> <e22a017b-5b8b-ff9d-aaef-7f48bc378bf0@mailbox.org> <157560312594.19303.11662014722381682062.reportbug@fw.mroczka.com>
Ian Jackson (CCed) just ran into this and we debugged it together on
IRC. This turns out to be a variant of https://bugs.debian.org/941663
that only affects certain architectures, because glibc implements
shmget/shmat/shmdt using the ipc syscall on certain architectures. For
example, shmget is:
int
shmget (key_t key, size_t size, int shmflg)
{
#ifdef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
return INLINE_SYSCALL_CALL (shmget, key, size, shmflg, NULL);
#else
return INLINE_SYSCALL_CALL (ipc, IPCOP_shmget, key, size, shmflg, NULL);
#endif
}
And:
sysdeps/unix/sysv/linux/i386/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/kernel-features.h:#define __ASSUME_DIRECT_SYSVIPC_SYSCALLS 1
sysdeps/unix/sysv/linux/m68k/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/mips/kernel-features.h:# undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/powerpc/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/s390/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/sh/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
sysdeps/unix/sysv/linux/sparc/kernel-features.h:#undef __ASSUME_DIRECT_SYSVIPC_SYSCALLS
I think a fix for this that applies to buster would be:
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index e8f31555e..121760418 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -134,6 +134,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_fstat64
SC_DENY(__NR_fstat64, EACCES),
#endif
+#ifdef __NR_ipc
+ SC_DENY(__NR_ipc, EACCES),
+#endif
#ifdef __NR_open
SC_DENY(__NR_open, EACCES),
#endif
I have some other things to do this weekend, but I'll chase this up with
upstream and arrange for this to get into appropriate Debian packages.
--
Colin Watson [cjwatson@debian.org]
Reply to: