| Summary: | net-misc/openssh-8.0_p1-r4: add 'seccomp' USE flag | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sam James <sam> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | robbat2 |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | | Runtime testing required: | --- |
(In reply to sam_c - Security Padawan from comment #0)
> OpenSSH seems to auto-detect libseccomp if it's on the system and enable it.
> It does not have a USE for seccomp.

OpenSSH does not utilize libseccomp; it makes the necessary system calls directly. Given that there is no external dependency, I don't see much point in adding a USE flag.

I agree, I didn't notice that it wasn't actually using libseccomp.

I don't think there's much need to provide a USE flag just to let people shoot themselves in the foot with less sandboxing.
OpenSSH seems to auto-detect libseccomp if it's on the system and enable it. It does not have a USE for seccomp.

> OpenSSH has been configured with the following options:
> User binaries: /usr/bin
> System binaries: /usr/sbin
> Configuration files: /etc/ssh
> ...
> Random number source: OpenSSL internal ONLY
> Privsep sandbox style: seccomp_filter

Reproducible: Always

Steps to Reproduce:
USE="-seccomp" emerge -v openssh

Actual Results:
The build system detects libseccomp on the system and enables it regardless of seccomp USE flag.

Expected Results:
seccomp should be disabled for openssh