|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004361||Kali Linux||[All Projects] General Bug||public||2017-11-23 18:06||2018-02-09 11:44|
|Target Version||Fixed in Version|
|Summary||0004361: Proxychains Crash (execution of syscall 0000000056 on architecture amd64)|
|Description||in kali 2017.2 proxychains with apt-get is running normal, but in 2017.3 crash. here the message:|
**** Seccomp prevented execution of syscall 0000000056 on architecture amd64 ****
Reading package lists... Done
E: Method https has died unexpectedly!
E: Sub-process https returned an error code (31)
Last edited: 2017-11-24 08:49
From a quick discussion with the APT developers, the problematic syscall reported here is "clone()".
Can you open a bug report against proxychains on the Debian side? The debian maintainer should be able (at least) to add an apt configuration file snippet allowing the problematic syscalls.
09:28 <buxy> juliank: https://bugs.kali.org/view.php?id=4361
09:29 <buxy> I wonder if this needs to be reported on apt or on proxychains or on both? Or is that kind of use the responsibility of the user (it would not be very user-friendly)?
09:30 <buxy> (the issue is that the seccomp filter breaks combined use of apt with proxychains)
09:39 -!- mafm [~firstname.lastname@example.org] a rejoint #debian-apt
09:40 <juliank> buxy: it tries to clone(), clone() is not allowed.
09:42 <juliank> Allowing clone() and fork() seems like a really bad idea.
09:43 <buxy> well, unix-philosophy implies to make calls to other tools... I don't know what proxychains is trying to do here, I just want to know where this should be reported and fixed or documented.
09:44 <buxy> Apparently you would rather see this dealt on the proxychains side...
09:44 <buxy> if necessary proxychains could add an apt configuration snippet adding the required syscalls, right?
09:44 <juliank> I don't want to allow methods to create subprocesses. If they can create subprocesses, they can create runaway subprocesses.
09:46 <juliank> Could probably allow CLONE_THREAD
09:49 <juliank> libproxychains could disable seccomp
I just filed the Debian bug here: https://bugs.debian.org/882588
We're not going to do anything more on the Kali side. We will just wait until it has been fixed on the Debian side. I'll likely close the ticket in a couple of days.
Just a note for anyone who is here looking for a solution. a simple work around is to run this one liner as rot.
echo 'apt::sandbox::seccomp "false";' > /etc/apt/apt.conf.d/999seccompdisable
Background: sometime in october 2017 apt has enabled seccomp and that's what is preventing proxychains from hooking into it. this variable is provided as a quick way to disable it.
|2017-11-23 18:06||betmenwasdie||New Issue|
|2017-11-23 18:06||betmenwasdie||File Added: Screenshot from 2017-11-24 01-04-06.png|
|2017-11-24 08:37||rhertzog||Assigned To||=> rhertzog|
|2017-11-24 08:37||rhertzog||Status||new => assigned|
|2017-11-24 08:48||rhertzog||Note Added: 0007616|
|2017-11-24 08:49||rhertzog||Note Edited: 0007616||View Revisions|
|2017-11-24 09:49||rhertzog||Note Added: 0007617|
|2018-02-09 11:10||anantshri||Note Added: 0008642|
|2018-02-09 11:44||rhertzog||Status||assigned => closed|
|2018-02-09 11:44||rhertzog||Resolution||open => won't fix|