author: Christian Krinitsin <mail@krinitsin.com> 2025-06-03 12:04:13 +0000
committer: Christian Krinitsin <mail@krinitsin.com> 2025-06-03 12:04:13 +0000
commit: 256709d2eb3fd80d768a99964be5caa61effa2a0 (patch)
tree: 05b2352fba70923126836a64b6a0de43902e976a /results/classifier/105/other/1525676
parent: 2ab14fa96a6c5484b5e4ba8337551bb8dcc79cc5 (diff)
add new classifier result
Diffstat (limited to 'results/classifier/105/other/1525676')
-rw-r--r--  results/classifier/105/other/1525676  62
1 files changed, 62 insertions, 0 deletions
diff --git a/results/classifier/105/other/1525676 b/results/classifier/105/other/1525676
new file mode 100644
index 000000000..15da56e5e
--- /dev/null
+++ b/results/classifier/105/other/1525676
@@ -0,0 +1,62 @@
+other: 0.925
+semantic: 0.894
+graphic: 0.876
+instruction: 0.849
+device: 0.824
+mistranslation: 0.816
+assembly: 0.803
+socket: 0.782
+network: 0.752
+boot: 0.726
+vnc: 0.720
+KVM: 0.621
+
+qemu runas and sandbox option incompatible, process will hang in futex after setgid
+
+With -runas [user] and -sandbox on, qemu process will fail in the process of dropping privileges. While setgid() is done (see below), setuid() is not attempted. Instead process blocks waiting for a futex never to come.
+
+[pid 21769] +++ killed by SIGSYS +++
+[pid 21767] <... tgkill resumed> )      = 0
+[pid 21767] tgkill(21767, 21768, SIGRT_1 <unfinished ...>
+[pid 21768] <... nanosleep resumed> {0, 7284187}) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
+[pid 21768] --- SIGRT_1 {si_signo=SIGRT_1, si_code=SI_TKILL, si_pid=21767, si_uid=0} ---
+[pid 21768] setgid(100)                 = 0
+[pid 21768] futex(0x7f7f0f53fd1c, FUTEX_WAKE_PRIVATE, 1) = 0
+[pid 21768] rt_sigreturn()              = -1 EINTR (Interrupted system call)
+[pid 21768] nanosleep({0, 7284187},  <unfinished ...>
+[pid 21767] <... tgkill resumed> )      = 0
+[pid 21767] futex(0x7ffd5a9b6890, FUTEX_WAIT_PRIVATE, 3, NULL <unfinished ...>
+[pid 21768] <... nanosleep resumed> 0x7f7f0f53eb00) = 0
+[pid 21768] futex(0x55f52acd1f44, FUTEX_WAIT, 4294967295, NULL
+
+This bug might be addresses in the discussion/patchset http://qemu.11.n7.nabble.com/PATCH-Add-syscalls-for-runas-and-chroot-to-the-seccomp-sandbox-td359588.html
+
+# lsb_release -rd
+Description:    Ubuntu 15.10
+Release:        15.10
+
+# apt-cache policy qemu-system-x86
+qemu-system-x86:
+  Installed: 1:2.3+dfsg-5ubuntu9.1
+  Candidate: 1:2.3+dfsg-5ubuntu9.1
+  Version table:
+ *** 1:2.3+dfsg-5ubuntu9.1 0
+        500 http://archive.ubuntu.com/ubuntu/ wily-updates/main amd64 Packages
+        500 http://archive.ubuntu.com/ubuntu/ wily-security/main amd64 Packages
+        100 /var/lib/dpkg/status
+     1:2.3+dfsg-5ubuntu9 0
+        500 http://archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
+
+Yes, it looks like that discussion is related. Though I also got the impression that there is currently still some decision going on how exactly to fix this. So it feels like we should wait with any fix until this decision is made (and a fix is committed into qemu's upstream repo)...
+
+hmm, the change still did not made it upstream.
+I lost track on it and only see it now checking bugs that became dormant - was that fixed in another way?
+
+There is some overlap with LP: #1675114 so you might be interested to know that @otubo is working on refactoring seccomp for upstream. No firm ETA yet but he thinks that 18.04 would be doable.
+
+I haven't tried, but I think this should be fixed now with the new elevateprivileges parameter of the -sandbox option. Have you tried to reproduce the problem with the latest version of QEMU already?
+
+[Expired for qemu (Ubuntu) because there has been no activity for 60 days.]
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
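Review bot: the score block at the top of this record does not match the bug text that follows it. "graphic" (0.876), "vnc" (0.720), "socket" (0.782) and "network" (0.752) are all scored high, yet nothing in the report concerns graphics, VNC or networking; it is entirely about dropping privileges with -runas while -sandbox on is active (setgid(100) succeeds, one thread is killed by SIGSYS, the rest end up blocked in futex). With "other" as the top label at 0.925 and no category in the list covering seccomp, sandboxing or privilege dropping, the secondary labels are noise; consider adding such a category or applying a threshold before these scores are consumed downstream. One detail worth keeping in mind when reading the strace excerpt: the seccomp kill lands on a single thread (pid 21769, "+++ killed by SIGSYS +++") while pids 21767 and 21768 keep running and finish in FUTEX_WAIT, which is why the reporter observes a hang after setgid rather than a crash, and why setuid never appears in the trace.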