View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004361Kali LinuxGeneral Bugpublic2017-11-23 18:062018-02-09 11:44
Reporterbetmenwasdie Assigned Torhertzog  
PrioritynormalSeveritycrashReproducibilityalways
Status closedResolutionwon't fix 
Product Version2017.3 
Summary0004361: Proxychains Crash (execution of syscall 0000000056 on architecture amd64)
Description

in kali 2017.2 proxychains with apt-get is running normal, but in 2017.3 crash. here the message:

Seccomp prevented execution of syscall 0000000056 on architecture amd64
Reading package lists... Done
E: Method https has died unexpectedly!
E: Sub-process https returned an error code (31)

Attached Files
Screenshot from 2017-11-24 01-04-06.png (94,038 bytes)   
Screenshot from 2017-11-24 01-04-06.png (94,038 bytes)   

Activities

rhertzog

rhertzog

2017-11-24 08:48

administrator   ~0007616

Last edited: 2017-11-24 08:49

From a quick discussion with the APT developers, the problematic syscall reported here is "clone()".

Can you open a bug report against proxychains on the Debian side? The debian maintainer should be able (at least) to add an apt configuration file snippet allowing the problematic syscalls.

09:28 <buxy> juliank: https://bugs.kali.org/view.php?id=4361
09:29 <buxy> I wonder if this needs to be reported on apt or on proxychains or on both? Or is that kind of use the responsibility of the user (it would not be very user-friendly)?
09:30 <buxy> (the issue is that the seccomp filter breaks combined use of apt with proxychains)
09:39 -!- mafm [[email protected]] a rejoint #debian-apt
09:40 <juliank> buxy: it tries to clone(), clone() is not allowed.
09:42 <juliank> Allowing clone() and fork() seems like a really bad idea.
09:43 <buxy> well, unix-philosophy implies to make calls to other tools... I don't know what proxychains is trying to do here, I just want to know where this should be reported and fixed or documented.
09:44 <buxy> Apparently you would rather see this dealt on the proxychains side...
09:44 <buxy> if necessary proxychains could add an apt configuration snippet adding the required syscalls, right?
09:44 <juliank> I don't want to allow methods to create subprocesses. If they can create subprocesses, they can create runaway subprocesses.
09:46 <juliank> Could probably allow CLONE_THREAD
09:49 <juliank> libproxychains could disable seccomp
rhertzog

rhertzog

2017-11-24 09:49

administrator   ~0007617

I just filed the Debian bug here: https://bugs.debian.org/882588

We're not going to do anything more on the Kali side. We will just wait until it has been fixed on the Debian side. I'll likely close the ticket in a couple of days.
anantshri

anantshri

2018-02-09 11:10

reporter   ~0008642

Just a note for anyone who is here looking for a solution. a simple work around is to run this one liner as rot.

echo 'apt::sandbox::seccomp "false";' > /etc/apt/apt.conf.d/999seccompdisable

Background: sometime in october 2017 apt has enabled seccomp and that's what is preventing proxychains from hooking into it. this variable is provided as a quick way to disable it.

Issue History

Date Modified Username Field Change
2017-11-23 18:06 betmenwasdie New Issue
2017-11-23 18:06 betmenwasdie File Added: Screenshot from 2017-11-24 01-04-06.png
2017-11-24 08:37 rhertzog Assigned To => rhertzog
2017-11-24 08:37 rhertzog Status new => assigned
2017-11-24 08:48 rhertzog Note Added: 0007616
2017-11-24 08:49 rhertzog Note Edited: 0007616
2017-11-24 09:49 rhertzog Note Added: 0007617
2018-02-09 11:10 anantshri Note Added: 0008642
2018-02-09 11:44 rhertzog Status assigned => closed
2018-02-09 11:44 rhertzog Resolution open => won't fix