FS#63129 - [vsftpd] Seccomp kills child process after clock_gettime syscall

Attached to Project: Community Packages
Opened by Szunti (Szunti) - Monday, 08 July 2019, 17:31 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:00 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Maybe should go upstream, but I saw that other syscalls were whitelisted with a patch recently.
gettimeofday is already whitelisted, but it's never called. Its in the vdso and if the tsc clocksource is used by the kernel a syscall is not made at all, if the clocksource is not tsc (kernel deemed it unreliable in my case) then it falls back on the clock_gettime syscall.

Then every attempt to connect to the server is closed immediately with
500 OOPS: child died

Patching seccompsandbox.c:

allow_nr(__NR_gettimeofday); /* Used by logging. */

fixes it.

Additional info:
* package version(s)
vsftpd 3.0.3-6

Steps to reproduce:
1) Set clocksource to hpet (echo hpet > /sys/devices/system/clocksource/clocksource0/current_clocksource)
2) Run vsftpd
3) Get 500 OOPS: children died error in client
This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:00 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/p ackaging/packages/vsftpd/issues/2
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.