openssh builds no problem on x32, however on 6.7 onwards there's a silent failure that results in dropping all incoming connections. I did a pretty significant package upgrade yesterday (roughly a year out of date), with the result of being locked out of the system. I've built dropbear with -m64 so it builds, however 6.6 should be restored...
Please restore an ebuild from 6.6.
This is pretty serious for remote users; I'm lucky as I have IPMI access to the box.
Confirming building with -m64 results in a functional openssh with net-misc/openssh-6.8_p1-r5, this is super dangerous.
try emerging with EXTRA_ECONF=--with-sandbox=no. that will tell us whether the new seccomp code is causing a problem.
(In reply to SpanKY from comment #2)
> try emerging with EXTRA_ECONF=--with-sandbox=no. that will tell us whether
> the new seccomp code is causing a problem.
Tried this to no avail. I'm having the exact same issue though I have another system with up to date OpenSSL and OpenSSH that does not have the same problem. On the machine I do have the issue, I can have it run on a stage3 x32 sshd (6.6) but not with the same x32 binary I have running ok elsewhere - just closes the connection.
After compiling with "debug" flag, log shows:
[sshd] fatal: ssh_sandbox_violation: unexpected system call (arch:0xc000003e,syscall:228 @ 0xff9ff6da) [preauth]
So I checked and I typed EXTRA_CONF instead of the correct variable and recompiled again with sandbox disabled and it works now.
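Added example (not part of the original bug report and not OpenSSH code): a Python decoder for the `ssh_sandbox_violation` log line quoted above, which splits the audit arch value into machine, width and endianness and checks whether the reported syscall number carries the x32 bit. The syscall-name table is a three-entry excerpt of the x86_64 table, and the second sample line is constructed for comparison.

```python
import re

# Constants from the Linux UAPI headers (linux/audit.h, linux/elf-em.h, asm/unistd.h)
AUDIT_ARCH_64BIT = 0x80000000   # __AUDIT_ARCH_64BIT
AUDIT_ARCH_LE = 0x40000000      # __AUDIT_ARCH_LE
X32_SYSCALL_BIT = 0x40000000    # __X32_SYSCALL_BIT, set on syscalls made via the x32 table
EM_NAMES = {3: "i386", 62: "x86_64"}  # ELF e_machine values held in the low 16 bits
# Excerpt of the x86_64 syscall table; only the entries this example needs.
X86_64_SYSCALLS = {96: "gettimeofday", 201: "time", 228: "clock_gettime"}

VIOLATION_RE = re.compile(
    r"ssh_sandbox_violation: unexpected system call "
    r"\(arch:(0x[0-9a-fA-F]+),syscall:(\d+) @ (0x[0-9a-fA-F]+)\)"
)

def decode_violation(line):
    """Return the decoded fields of one sshd sandbox violation line, or None."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    arch = int(m.group(1), 16)
    raw_nr = int(m.group(2))
    machine = arch & 0xFFFF
    # A seccomp filter compares the raw number, so 228 and 228|X32_SYSCALL_BIT
    # are different values to an allowlist even though both reach the same call.
    nr = raw_nr & ~X32_SYSCALL_BIT
    name = X86_64_SYSCALLS.get(nr, "unknown") if machine == 62 else "unknown"
    return {
        "machine": EM_NAMES.get(machine, "EM_%d" % machine),
        "is_64bit": bool(arch & AUDIT_ARCH_64BIT),
        "little_endian": bool(arch & AUDIT_ARCH_LE),
        "x32_numbering": bool(raw_nr & X32_SYSCALL_BIT),
        "nr": nr,
        "name": name,
        "ip": int(m.group(3), 16),
    }

# The line from the comment above, as posted.
PAGE_LINE = ("[sshd] fatal: ssh_sandbox_violation: unexpected system call "
             "(arch:0xc000003e,syscall:228 @ 0xff9ff6da) [preauth]")
# Constructed line: same call with the x32 bit set (0x40000000 + 228).
CONSTRUCTED_LINE = PAGE_LINE.replace("syscall:228", "syscall:1073742052")

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(decode_violation(sample))
```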
*** Bug 556476 has been marked as a duplicate of this bug. ***
As per Bug 556476, using `EXTRA_ECONF=--with-sandbox=rlimit` would be more secure, or there's an as-yet-unaccepted patch (albeit one which looks reasonable to an untrained eye) which adds libseccomp support, and which appears to work.
Commit message: Use the rlimit sandbox for x32 ABI until the seccomp one is fixed
(In reply to Stuart Shelton from comment #6)
i've added that to the latest ebuild, but i'll leave this bug open until we can enable seccomp again for x32
seccomp sandbox seems to work w/openssh-7.5_p1 under x32