Community Packages

FS#63129 - [vsftpd] Seccomp kills child process after clock_gettime syscall

Attached to Project: Community Packages
Opened by Szunti (Szunti) - Monday, 08 July 2019, 17:31 GMT
Last edited by Balló György (City-busz) - Thursday, 29 August 2019, 19:59 GMT
Task Type: Bug Report
Category: Packages
Status: Assigned
Assigned To: Levente Polyak (anthraxx)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No

Details

Description:
Maybe should go upstream, but I saw that other syscalls were whitelisted with a patch recently.
gettimeofday is already whitelisted, but it's never called. It's in the vdso, and if the tsc clocksource is used by the kernel a syscall is not made at all; if the clocksource is not tsc (kernel deemed it unreliable in my case) then it falls back on the clock_gettime syscall.

Then every attempt to connect to the server is closed immediately with
500 OOPS: child died

Patching seccompsandbox.c:

allow_nr(__NR_gettimeofday); /* Used by logging. */
+allow_nr(__NR_clock_gettime);
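
Review bot: The added allow_nr(__NR_clock_gettime); line carries no comment, while the gettimeofday entry directly above it is annotated "Used by logging." Add a comment stating that this entry covers the vDSO falling back to the real clock_gettime syscall when the kernel clocksource is not tsc, so the rule is not later dropped as apparently unused. Keep the existing gettimeofday entry as it is.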

fixes it.

Additional info:
* package version(s)
vsftpd 3.0.3-6


Steps to reproduce:
1) Set clocksource to hpet (echo hpet > /sys/devices/system/clocksource/clocksource0/current_clocksource)
2) Run vsftpd
3) Get 500 OOPS: children died error in client
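
The failure described in this report, reproduced in isolation as an added example (not vsftpd's code and not part of the original report): a forked child is confined by a seccomp allow-list that contains gettimeofday, then issues the raw clock_gettime syscall that the vDSO falls back to when the clocksource is not tsc. The function `run_child`, the result names and the three-entry filter are chosen for this example.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum { CHILD_OK, CHILD_KILLED, SANDBOX_UNAVAILABLE };
/* Fork a child, confine it with an allow-list seccomp filter, then force a
 * real clock_gettime syscall, as the vDSO does when it cannot use tsc. */
int run_child(int allow_clock_gettime) {
    unsigned int extra = allow_clock_gettime ? __NR_clock_gettime : __NR_gettimeofday;
    /* Example filter: a production filter also validates seccomp_data.arch. */
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_gettimeofday, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, extra, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),   /* anything else: SIGSYS */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof insns / sizeof insns[0], insns };
    pid_t pid = fork();
    if (pid < 0) return SANDBOX_UNAVAILABLE;
    if (pid == 0) {
        struct timespec ts;
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(2);                              /* seccomp not usable here */
        syscall(SYS_clock_gettime, CLOCK_REALTIME, &ts); /* bypasses the vDSO */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return SANDBOX_UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return CHILD_KILLED;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? CHILD_OK : SANDBOX_UNAVAILABLE;
}

int main(void) {
    static const char *name[] = { "ok", "killed (SIGSYS)", "seccomp unavailable" };
    printf("gettimeofday only:  %s\n", name[run_child(0)]);
    printf("plus clock_gettime: %s\n", name[run_child(1)]);
    return 0;
}
```

A child killed this way is what the parent process sees as a dead child, matching the "500 OOPS" response quoted in the report.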