authorAvatar Ali Polatel <alip@exherbo.org> 2016-10-07 01:43:20 +0300
committerAvatar Ali Polatel <alip@exherbo.org> 2016-10-07 03:17:35 +0300
commit7fb3d95aee2c31a0fb04af851a9ec5563d0c3200 (patch)
tree5eaf759194bdda5ebd1866055cc0198c39aa329a
parentecde9e3be16e7b710d33cdd2dbc39eac248c956f (diff)
fix linux-4.8 & seccomp
Signed-off-by: Ali Polatel <alip@exherbo.org>
-rw-r--r--data/poems.txt14
-rw-r--r--src/panic.c25
-rw-r--r--src/sydbox.c2
3 files changed, 36 insertions, 5 deletions
diff --git a/data/poems.txt b/data/poems.txt
index 4496dad..aafb73d 100644
--- a/data/poems.txt
+++ b/data/poems.txt
@@ -5,6 +5,20 @@ This is an attempt to thank everyone involved in tackling sydbox bugs, writing p
Peace & Love!
Released under the terms of the WTFPL, version 2, as published by Sam Hocevar.
+From: keruspe
+Date: 2016-10-06
+Bug: Changes in Linux-3.8 wrt. seccomp broke sydbox' system call deny hack.
+Note: Change returns success, action brings good fortune.
+Poem:
+ -- Lasso for a Knight
+ The old man said,
+ When you have a bishop,
+ You can live with a knight.
+
+ The wise man said,
+ When you have a bishop,
+ Go after your rival's knight.
+
From: myself
Date: this moment
Bug: I have not seen a scorpion in the house for a while, not much around this year.
diff --git a/src/panic.c b/src/panic.c
index 00984f2..54bc364 100644
--- a/src/panic.c
+++ b/src/panic.c
@@ -19,6 +19,8 @@
#include <syd.h>
+extern unsigned os_release;
+
static inline int errno2retval(int err_no)
{
#if 0
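Review bot: The hand-written `extern unsigned os_release;` in panic.c duplicates the type of a variable defined in sydbox.c without any compiler check that the two agree; if the definition's type ever changes, this declaration silently keeps linking. The usual fix is to put the declaration in a header that both sydbox.c and panic.c include (sydbox.h or syd.h, whichever sydbox.c already includes) so the definition is checked against it at compile time. errno2retval's body continues outside the hunk.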
@@ -131,10 +133,23 @@ static void report(syd_process_t *current, const char *fmt, va_list ap)
int deny(syd_process_t *current, int err_no)
{
- current->flags |= SYD_DENY_SYSCALL | SYD_STOP_AT_SYSEXIT;
current->retval = errno2retval(err_no);
- return syd_write_syscall(current, PINK_SYSCALL_INVALID);
+ if (os_release >= KERNEL_VERSION(3,8,0)) {
+ /* Linux-4.8 and later have a well defined way to deny
+ * system calls (at last!). See seccomp(2).
+ * Summary: We don't need to stop at system exit to write the return value.
+ * We can write it here and be done with it.
+ */
+ int r;
+
+ if ((r = restore(current)) < 0)
+ return r;
+ return syd_write_syscall(current, -1);
+ } else {
+ current->flags |= SYD_DENY_SYSCALL | SYD_STOP_AT_SYSEXIT;
+ return syd_write_syscall(current, PINK_SYSCALL_INVALID);
+ }
}
int restore(syd_process_t *current)
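Review bot: The version gate `if (os_release >= KERNEL_VERSION(3,8,0))` contradicts both the comment directly below it ("Linux-4.8 and later") and the commit title; the skip-the-syscall-by-writing-`-1` behaviour the new branch relies on is the 4.8 change to the seccomp/ptrace ordering, so the check should read `if (os_release >= KERNEL_VERSION(4,8,0)) {`. As written, a 3.8–4.7 kernel takes the new path, which no longer sets `SYD_DENY_SYSCALL | SYD_STOP_AT_SYSEXIT`, so any code elsewhere that keys on `SYD_DENY_SYSCALL` to recognise a denied call (I cannot see those callers from here) will not fire on those kernels. The new branch also calls `restore()` before its definition at the end of this hunk, so a prototype must already be visible from an included header; worth confirming, since without one this is an implicit declaration. A short comment on the gate such as `/* 4.8 moved the seccomp stop ahead of the ptrace syscall-entry stop; see seccomp(2) */` would keep the constant and the rationale together.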
@@ -143,8 +158,10 @@ int restore(syd_process_t *current)
int retval, error;
/* restore system call number */
- if ((r = syd_write_syscall(current, current->sysnum)) < 0)
- return r;
+ if (os_release <= KERNEL_VERSION(3,8,0)) {
+ if ((r = syd_write_syscall(current, current->sysnum)) < 0)
+ return r;
+ }
/* return the saved return value */
if (current->retval < 0) { /* failure */
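Review bot: The gate `if (os_release <= KERNEL_VERSION(3,8,0))` is not the complement of the `>=` test used in deny(): on a kernel whose version is exactly the boundary, both branches are taken, so deny() first writes the saved syscall number here and then overwrites it with `-1`. It should be the strict inverse of the deny() check, and carry the same (4.8) constant as the comment in deny() describes, i.e. `if (os_release < KERNEL_VERSION(4,8,0)) {`. Keeping the two comparisons visibly paired, for example via one `static inline bool seccomp_skip_supported(void)` helper used by both functions, would prevent them drifting apart again. The body of restore() continues outside the hunk, and the declaration of `r` is not visible here.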
diff --git a/src/sydbox.c b/src/sydbox.c
index 954c5a5..a3f2708 100644
--- a/src/sydbox.c
+++ b/src/sydbox.c
@@ -56,7 +56,7 @@ static int post_attach_sigstop = SYD_IGNORE_ONE_SIGSTOP;
#endif
sydbox_t *sydbox;
-static unsigned os_release;
+unsigned os_release;
static volatile sig_atomic_t interrupted;
static sigset_t empty_set, blocked_set;