aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar Ali Polatel <alip@exherbo.org> 2021-02-15 18:51:46 +0000
committerAvatar Ali Polatel <alip@exherbo.org> 2021-02-15 20:40:11 +0100
commit68f650726ed970c6a0b0a4b5272da333f783e36e (patch)
treef6bb71ab850e32a2eeb2a5b27a025667c0ae657b
parent0e8af0fd72218e90cb63b3489837036de3ce9161 (diff)
downloadsydbox-1-68f650726ed970c6a0b0a4b5272da333f783e36e.tar.gz
sydbox-1-68f650726ed970c6a0b0a4b5272da333f783e36e.tar.xz
Handle missing syscall-enter event before clonefix-no-syscall-enter-before-clone
This was not reproducible with kernels 5.0.21. This is known to happen with kernels 5.10 or newer. Attached below how the incident is reflected in a dump file. Given PIDs: 0: sydbox 1: eldest child of sydbox 2: newest child, cloned by 1 Here, sydbox receives a ptrace clone event from pid 1, however this is not preceeded by a syscall-enter event as usually expected. So sydbox does not mark pid 1 with in-clone flag which in turn results in sydbox being unable to determine the parent pid of pid 2 upon receiving the initial ptrace trap. We fix this by not assuming syscall-enter before a clone event. The downside of this way of notification is we never know whether the thread was spawned with CLONE_FS or CLONE_FILES which results in less memory sharing between process data structures. ``` { "event": 6, "event_name": "pink", "id": 1, "pid": 1, "pink": { "errno": 0, "name": "trace_seize", "options": { "CLONE": true, "EXEC": true, "EXIT": false, "EXITKILL": false, "FORK": true, "SECCOMP": true, "SYSGOOD": true, "VFORK": true, "VFORK_DONE": false }, "pid": 1, "return": 0 }, "time": 1613410290 } ... { "event": 5, "event_name": "wait", "id": 1149, "pid": 1, "process": { "pid": 1, "stat": { "comm": "(tests-f58175dea)", "nice": 0, "num_threads": 7, "pgrp": 0, "pid": 1, "ppid": 0, "state": "t", "tpgid": 0, }, "syd": { "clone_flags": { "CLONE_CHILD_CLEARTID": false, "CLONE_CHILD_SETTID": false, "CLONE_DETACHED": false, "CLONE_FILES": false, "CLONE_FS": false, "CLONE_IO": false, "CLONE_NEWIPC": false, "CLONE_NEWNET": false, "CLONE_NEWNS": false, "CLONE_NEWPID": false, "CLONE_NEWUSER": false, "CLONE_NEWUTS": false, "CLONE_PARENT": false, "CLONE_PARENT_SETTID": false, "CLONE_PTRACE": false, "CLONE_SETTLS": false, "CLONE_SIGHAND": false, "CLONE_SYSVSEM": false, "CLONE_THREAD": false, "CLONE_UNTRACED": false, "CLONE_VFORK": false, "CLONE_VM": false }, "cwd": "/home/alip", "flag_IGNORE_ONE_SIGSTOP": false, "flag_IN_CLONE": false, "flag_IN_EXECVE": false, "flag_IN_SYSCALL": false, "flag_KILLED": false, "flag_STARTUP": false, "flag_STOP_AT_SYSEXIT": false, "new_clone_flags": { "CLONE_CHILD_CLEARTID": false, "CLONE_CHILD_SETTID": false, "CLONE_DETACHED": false, "CLONE_FILES": false, "CLONE_FS": false, "CLONE_IO": false, "CLONE_NEWIPC": false, "CLONE_NEWNET": false, "CLONE_NEWNS": false, "CLONE_NEWPID": false, "CLONE_NEWUSER": false, "CLONE_NEWUTS": false, "CLONE_PARENT": false, "CLONE_PARENT_SETTID": false, "CLONE_PTRACE": false, "CLONE_SETTLS": false, "CLONE_SIGHAND": false, "CLONE_SYSVSEM": false, "CLONE_THREAD": false, "CLONE_UNTRACED": false, "CLONE_VFORK": false, "CLONE_VM": false }, "ppid": 0, "ref_CLONE_FILES": 7, "ref_CLONE_FS": 7, "ref_CLONE_THREAD": 7, "sandbox": null, "syscall_abi": 0, "syscall_name": "clone", "syscall_no": 56, "tgid": 1 } }, "process_count": 7, "ptrace": { "name": "CLONE", "value": 3 }, "status": { "WCOREDUMP": false, "WEXITSTATUS": 0, "WIFCONTINUED": false, "WIFEXITED": false, "WIFSIGNALED": false, "WIFSTOPPED": true, "WSTOPSIG": 5, "WSTOPSIG_name": "SIGTRAP", "WTERMSIG": 0, "WTERMSIG_name": null, "value": 198015 }, "time": 1613410290 } { "event": 6, "event_name": "pink", "id": 1150, "pid": 1, "pink": { "errno": 0, "name": "trace_resume", "pid": 1, "return": 0, "signal": { "name": "SIG_0", "num": 0 } }, "time": 1613410290 } { "event": 5, "event_name": "wait", "id": 1151, "pid": 2, "process": { "pid": 2, "stat": { "comm": "(tests-f58175dea)", "nice": 0, "num_threads": 7, "pgrp": 0, "pid": 2, "ppid": 0, "state": "t", "tpgid": 0, }, "syd": null }, "process_count": 7, "ptrace": { "name": "STOP", "value": 128 }, "status": { "WCOREDUMP": false, "WEXITSTATUS": 0, "WIFCONTINUED": false, "WIFEXITED": false, "WIFSIGNALED": false, "WIFSTOPPED": true, "WSTOPSIG": 5, "WSTOPSIG_name": "SIGTRAP", "WTERMSIG": 0, "WTERMSIG_name": null, "value": 8390015 }, "time": 1613410290 } ``` Signed-off-by: Ali Polatel <alip@exherbo.org>
-rw-r--r--src/sydbox.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/src/sydbox.c b/src/sydbox.c
index 82f17db..3c9fc20 100644
--- a/src/sydbox.c
+++ b/src/sydbox.c
@@ -1,7 +1,7 @@
/*
* sydbox/sydbox.c
*
- * Copyright (c) 2010, 2011, 2012, 2013, 2014, 2015, 2020 Ali Polatel <alip@exherbo.org>
+ * Copyright (c) 2010, 2011, 2012, 2013, 2014, 2015, 2020, 2021 Ali Polatel <alip@exherbo.org>
* Based in part upon strace which is:
* Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
* Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
@@ -1007,12 +1007,27 @@ static int event_startup(syd_process_t *current)
return 0;
}
-static int event_clone(syd_process_t *current)
+static int event_clone(syd_process_t *current, enum pink_event event)
{
assert(current);
- if (!current->new_clone_flags)
- return 0;
+ if (!current->new_clone_flags) {
+ /* No syscall-enter received before clone event. */
+ switch (event) {
+ case PINK_EVENT_FORK:
+ current->new_clone_flags = SIGCHLD;
+ break;
+ case PINK_EVENT_VFORK:
+ current->new_clone_flags = CLONE_VM|CLONE_VFORK|SIGCHLD;
+ break;
+ case PINK_EVENT_CLONE:
+ current->new_clone_flags = CLONE_THREAD;
+ break;
+ default:
+ assert_not_reached();
+ }
+ current->flags |= SYD_IN_CLONE;
+ }
int r;
long cpid = -1;
@@ -1309,9 +1324,9 @@ static int trace(void)
case PINK_EVENT_CLONE:
#if SYDBOX_HAVE_SECCOMP
r = (event == PINK_EVENT_SECCOMP) ? event_seccomp(current)
- : event_clone(current);
+ : event_clone(current, event);
#else
- r = event_clone(current);
+ r = event_clone(current, event);
#endif
if (r < 0)
continue; /* process dead */