From patchwork Thu Feb 10 02:53:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12741209 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD922C433EF for ; Thu, 10 Feb 2022 02:53:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231669AbiBJCxX (ORCPT ); Wed, 9 Feb 2022 21:53:23 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:56626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230354AbiBJCxW (ORCPT ); Wed, 9 Feb 2022 21:53:22 -0500 Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E293240AE for ; Wed, 9 Feb 2022 18:53:24 -0800 (PST) Received: by mail-pf1-x431.google.com with SMTP id y8so5028914pfa.11 for ; Wed, 09 Feb 2022 18:53:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZAGMTswugNiTZ1kXBcJzDC6qec1Rg+Bf2TmsXf8NPtk=; b=hNQ1SIOimY2cRr4L6bXEXRc4h6C6qK/+mg9wzsu3yTFb+KMg7Srt1bpi0gKTBQesXm br6NSFuTtcw6AbX8Ym4Xkl820I3ALalFPOC0uPIVzCgkoWz3W0zINEJj71mcfuqME64o VIGGonQ4W+Iw60jDFMovhRFlG252FKJepcxq8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZAGMTswugNiTZ1kXBcJzDC6qec1Rg+Bf2TmsXf8NPtk=; b=zcxNfn2ylVujEADlY2HXkYJdaeHlAPj4y6ge60wamNXcQGi6H5xpw9J4NhaDFY1lyM ghF1ZLdN441u1zHbQWUOek7+tkqlS103c7YFXd/wuJr9C891eWLdV3dc30L3micwS7v9 Kd5UrMob0z3tlb2cv9AiUL7QQlKbyxjxKTMScCR8lmQ2gWrxQTUjZB6G9vFtm/yATGuP CmjivLLqw118y6iz39GJPp2KtJhJ+yq2fT/pWba5RK430rbdI4xej7xqDMXM5was5ZRS 3vpJva7gmNRvgE1E7sOOpFdM3qXnC/NFoQZ5zPjcjYN7Zr1q5logEeQ59Mjh5eTxjaOg Qgaw== X-Gm-Message-State: AOAM530bm0q2pmTNK607AL4+AIktIfPW6cr5eJJwcB1MUKoZIHrz+s90 kC6YDEVRZwV208LOwKkPFeogiQ== X-Google-Smtp-Source: ABdhPJzcGsonrQcnzQzEVQ6afui9cuexHSR3QDQJ+2GhZgyPRW7BfaHiyCpPUSzHXZJGyAXuSvd8lQ== X-Received: by 2002:a05:6a00:1914:: with SMTP id y20mr5440888pfi.39.1644461603856; Wed, 09 Feb 2022 18:53:23 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id k15sm20941205pff.39.2022.02.09.18.53.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 18:53:23 -0800 (PST) From: Kees Cook To: "Eric W. Biederman" Cc: Kees Cook , =?utf-8?q?Robert_=C5=9Awi=C4=99cki?= , stable@vger.kernel.org, Andy Lutomirski , Will Drewry , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 1/3] signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE Date: Wed, 9 Feb 2022 18:53:19 -0800 Message-Id: <20220210025321.787113-2-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220210025321.787113-1-keescook@chromium.org> References: <20220210025321.787113-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1263; h=from:subject; bh=Zg+yQalW086+hV+gVFWrJHCSof9cbVJhSUGsHAKczTk=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBiBH4g9ZFRdN7zSC8BSYALnR2/fZGzP1bwBsZpGH2U 28HkRGaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYgR+IAAKCRCJcvTf3G3AJvJPD/ wJb3mw6sOrz6CALnTWLCdZyJ7Xr8aJtz+h8afQ8e1lWoXRWLAbBNfMEYKjOfdW18iyQbG7VQe+0LfG 0dIVMdrARaUTVIARyoFtrDtMWH+Ej0RGH2KakNMsSisRRBUEhoxOgRdgdZdeUdq/w6c+suiyNhRcD4 96eYh/LSkU2cvYFyvqkaPmki3EcKaukOATdXtDpw6ebGeq1xwRYmzzZrBxSq9Kk39IV/hXENwE216e VXpuHayx0UpAy5kFjh4HFkLPMlgseXT2KLxoDWBlacdFynt4M5JLIdIOXsz/CFrHHihhlj3gFbg7uu 0Iv2qhSrTSs1+jtQBEt8yucWTt3s8NZvlNDOY4TgEfXr0ogHjqN+wVhDNsk+kKuXSQDu6rmk3Eoyof s/IbWa+Z5dXO+Ntk/9JvuccGZ12+77UYCZhdEpw8KfV4Gi+tBcaXRpnjF8WE+C+TDM8K9T5/eWGDBj lfyqtC5Lkk9QD5lLGVI5UtzVNSGiWXecVk0srGEUQ2pb1dwWxwfHs/2BX32Cujb86ZBsqpYmix5dSo SwN/WuJIyaDh5SST+THWAhIyXUiAFhxBVXJRIU6yUtWACbtqPFds/p9sECwpJuRzS11GvrcIpqUq11 YnEHvKm8z8Sn3dh9h1DkFCc/R8RcUjSE0SRcYTtKQLczq3FitMTpg/LPyrGw== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Fatal SIGSYS signals were not being delivered to pid namespace init processes. Make sure the SIGNAL_UNKILLABLE doesn't get set for these cases. Reported-by: Robert Święcki Suggested-by: "Eric W. Biederman" Fixes: 00b06da29cf9 ("signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Reviewed-by: "Eric W. Biederman" --- kernel/signal.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/signal.c b/kernel/signal.c index 38602738866e..33e3ee4f3383 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1342,9 +1342,10 @@ force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t, } /* * Don't clear SIGNAL_UNKILLABLE for traced tasks, users won't expect - * debugging to leave init killable. + * debugging to leave init killable, unless it is intended to exit. */ - if (action->sa.sa_handler == SIG_DFL && !t->ptrace) + if (action->sa.sa_handler == SIG_DFL && + (!t->ptrace || (handler == HANDLER_EXIT))) t->signal->flags &= ~SIGNAL_UNKILLABLE; ret = send_signal(sig, info, t, PIDTYPE_PID); spin_unlock_irqrestore(&t->sighand->siglock, flags); From patchwork Thu Feb 10 02:53:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12741210 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97CA5C433F5 for ; Thu, 10 Feb 2022 02:53:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231679AbiBJCxY (ORCPT ); Wed, 9 Feb 2022 21:53:24 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:56634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231645AbiBJCxX (ORCPT ); Wed, 9 Feb 2022 21:53:23 -0500 Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEF57240B2 for ; Wed, 9 Feb 2022 18:53:24 -0800 (PST) Received: by mail-pj1-x1032.google.com with SMTP id d15-20020a17090a564f00b001b937f4ae2fso1816676pji.4 for ; Wed, 09 Feb 2022 18:53:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=e+pXz6MJQQE9ge1AxmSCkxXIFbo0QVYRSttlemPgs4o=; b=aodHG0a1app1EsXmVOZMmZMgNEV+QVMFGkYeX2Fpx9EuXbboPulJap3+2nmClHC0yv 5s0JAfBse4hzE/66dSMNsCrwf5dZUJb2Orz0guzzaXJMdhLFbNoYiY438usdn9tFl4LC RGJlyKLROLbeby9MxAt8ymOuIkK2k3pxFAjwI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=e+pXz6MJQQE9ge1AxmSCkxXIFbo0QVYRSttlemPgs4o=; b=kCHjrF4LCnOZ7vD+HSCe5F5+h2nZR3SU9hxqqm+8WwDNho6K6W8IbHhOhdTPXIqvLW gBmfuEDngurRcMG0qXer4NdqTWh1rrAuTRvfQX0AOJqZAFBYGWagnnFwrPBHZRLmBohx 65/Aj11JpzXodjU+wyn4QMqFSZyct4hEiQxSVlQNQoNt0BFseoTSo643A2wyzk6fOOgt Ec/vj3a4ppSJiZblOLrpHvK8dOO9e5ubS9HcM8OY+HMOHSBnhQQ0s8sk7f5YdvS+FQuC 1k5+uRR62BpsF5j0ii5D4WsgAoj8s+tO86BcIiZ+ocX+bFAs7BXl49J7lOnOtVzD4O5d dizw== X-Gm-Message-State: AOAM533rhF5d8JdZHmF5HAI7Jj8luhJeWGyvDpaXTBKk4W9eqxP7C3sf RvXctchnnX4dgc/1SlVsEvVWLw== X-Google-Smtp-Source: ABdhPJyvpp/GnnAb2OFSk0N+M/fhefy88WpnRqQnCQiBPyKBvJjbXA3g0Qoqhb/7kBLMen4XuQPMNw== X-Received: by 2002:a17:903:244a:: with SMTP id l10mr5325874pls.0.1644461604276; Wed, 09 Feb 2022 18:53:24 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id h6sm21890559pfc.96.2022.02.09.18.53.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 18:53:23 -0800 (PST) From: Kees Cook To: "Eric W. Biederman" Cc: Kees Cook , Andy Lutomirski , Will Drewry , stable@vger.kernel.org, =?utf-8?q?Robert_?= =?utf-8?q?=C5=9Awi=C4=99cki?= , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 2/3] seccomp: Invalidate seccomp mode to catch death failures Date: Wed, 9 Feb 2022 18:53:20 -0800 Message-Id: <20220210025321.787113-3-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220210025321.787113-1-keescook@chromium.org> References: <20220210025321.787113-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1973; h=from:subject; bh=5NQQkQd6GxAQWbeOukH4H4HOeGum7cgpYZaBrQoxSZU=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBiBH4gf71SjtF76KiPChNFB7ZiqREqAirIAm27s0t7 k3NDFxWJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYgR+IAAKCRCJcvTf3G3AJruDD/ 96PTk4kUSwTiqSC6szaPsQXtlvxDTXOM4v7SpnRSBxGZVXJzh6hIYmcG0fx/kTgL0mjl1n4NipRXBx q1ygCXKCVZm9W1nQ6cOqwZGpGpLCvbXNifp6StIJQSFritY7WTrW5YAKfw9Ts8ueI5SMnFe6i2DOa6 lBeqUGR8LJ1v19uuFyA/AxVXvSMdpg0apKI97PS/LKn3aS7WP7Dr7QMMSAuSrSZYY5i4RYuNBjGRJf SdZBhX+J4mUTfbBaJD9nLPdeWuyS8apx0srBcvgtUMPdtoNt24oqGEEb1/dsuwo+dgpyVWO5zX6ub1 5BhPCOKbfoIagD0jdGKAHm2/mrYfET/hu/jWODqo0xpV3Zz6FeFcu9eT6vhe1ln5VrJHmGtBhUULnC imqSkJsTdO02VVNNA52T4CquGAY/r0OKA0NGMANoyPLhAGDkOuEGQZ7IeeJGNiuOUIO9eTRzXSSV6j b7sFnx/wwX4n2Yx8yp72QXnAl0NsLDXrb6FKrA99szBDWILGvchsW7+G0EYEhmv8ZBV1CqzuGb5uaQ ibap9sFhBjvNo2ELLOZn5yYGz7iUL0ged1f/oidiejaJ1OQMc7SbNy20z+s6q2KAh2LYHuTiP/h4Q/ T81QAMuBBVt3ksWOj9tkRhNGFJNnY7iNfDP0w4GrdRyWkKkXLkqEHnKXCU6A== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org If seccomp tries to kill a process, it should never see that process again. To enforce this proactively, switch the mode to something impossible. If encountered: WARN, reject all syscalls, and attempt to kill the process again even harder. Cc: Andy Lutomirski Cc: Will Drewry Fixes: 8112c4f140fa ("seccomp: remove 2-phase API") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook --- kernel/seccomp.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 4d8f44a17727..db10e73d06e0 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -29,6 +29,9 @@ #include #include +/* Not exposed in headers: strictly internal use only. */ +#define SECCOMP_MODE_DEAD (SECCOMP_MODE_FILTER + 1) + #ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER #include #endif @@ -1010,6 +1013,7 @@ static void __secure_computing_strict(int this_syscall) #ifdef SECCOMP_DEBUG dump_stack(); #endif + current->seccomp.mode = SECCOMP_MODE_DEAD; seccomp_log(this_syscall, SIGKILL, SECCOMP_RET_KILL_THREAD, true); do_exit(SIGKILL); } @@ -1261,6 +1265,7 @@ static int __seccomp_filter(int this_syscall, const struct seccomp_data *sd, case SECCOMP_RET_KILL_THREAD: case SECCOMP_RET_KILL_PROCESS: default: + current->seccomp.mode = SECCOMP_MODE_DEAD; seccomp_log(this_syscall, SIGSYS, action, true); /* Dump core only if this is the last remaining thread. */ if (action != SECCOMP_RET_KILL_THREAD || @@ -1309,6 +1314,11 @@ int __secure_computing(const struct seccomp_data *sd) return 0; case SECCOMP_MODE_FILTER: return __seccomp_filter(this_syscall, sd, false); + /* Surviving SECCOMP_RET_KILL_* must be proactively impossible. */ + case SECCOMP_MODE_DEAD: + WARN_ON_ONCE(1); + do_exit(SIGKILL); + return -1; default: BUG(); } From patchwork Thu Feb 10 02:53:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12741211 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B0BAC43217 for ; Thu, 10 Feb 2022 02:53:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231643AbiBJCxZ (ORCPT ); Wed, 9 Feb 2022 21:53:25 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:56646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231664AbiBJCxX (ORCPT ); Wed, 9 Feb 2022 21:53:23 -0500 Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BA26240B6 for ; Wed, 9 Feb 2022 18:53:25 -0800 (PST) Received: by mail-pf1-x435.google.com with SMTP id 9so4877294pfx.12 for ; Wed, 09 Feb 2022 18:53:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rl83JHro1anRWjIQgDE0XbmJ8BuE/Ygl74q80wpYn4M=; b=FVy5gybG75QthWoOFg6lXY1vKAIo4Qk48eB/T/aIoERC7xTr0zQeWQS7qc+Ih0KsBH eZwLfoZl8SQ6qzXgsauNDHBkrpUJKn7A0FHGJutz1wwJNZhDOH12vBLB9LPw9Jz9EMpd xP7EBQyvMSHD+pkh2/4WWL2eSXB35ow8+bC7s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rl83JHro1anRWjIQgDE0XbmJ8BuE/Ygl74q80wpYn4M=; b=Tl2najNu+eAB6CqcpWyt7ZdAbRkMMIRgfRyu04pbHeDDXx3G21RnL9M+FpXQH2jCmf 9WyGGa1nbLyXUHRdAEh81NRq/N8t0OfyDCh+Uq7dqe1zU2WNYZHd9WTz1zyp+a/ohtmW KY4aCLccOxOpiYYLtP2bFTg8CyphptF7rvV5M83MUQIgSgGBSVCz1GwmPlt1kwxP3G1W kicyUmEzGOTvVCRyW1RnCqBYYBD4BhlPNL8OQrgupmQhZLdrFToReSoxvYP10t6zJplU ObCF5WmEsIu5WFdCy6UqkHRHuOAYRO9SU0SMr/7hfrJSVmGKJJUCVo7X/7R+saV2Nahb 6EMA== X-Gm-Message-State: AOAM531PTQAJMCI4qXwT8HY7GQFXv2jPDZ+m9RyjwBpIQ97XYvbmPcXX nnWfiNTx3xpT6L1hca+axrVtjw== X-Google-Smtp-Source: ABdhPJw+gp51DO3UuC2Vk5guTVJ5d67yx58qd2qO9c9t1jcZL1HCjXXoQ1JcC5e6J/o2t4J/lPI5ZA== X-Received: by 2002:a63:9307:: with SMTP id b7mr4499370pge.616.1644461604498; Wed, 09 Feb 2022 18:53:24 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id t24sm21549660pfg.92.2022.02.09.18.53.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 18:53:23 -0800 (PST) From: Kees Cook To: "Eric W. Biederman" Cc: Kees Cook , =?utf-8?q?Robert_=C5=9Awi=C4=99cki?= , Andy Lutomirski , Will Drewry , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH 3/3] samples/seccomp: Adjust sample to also provide kill option Date: Wed, 9 Feb 2022 18:53:21 -0800 Message-Id: <20220210025321.787113-4-keescook@chromium.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220210025321.787113-1-keescook@chromium.org> References: <20220210025321.787113-1-keescook@chromium.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1611; h=from:subject; bh=CDt8AGWhLzy7NL4kvvBB5tTCY0LueyR3ecDeoGuIsbA=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBiBH4h69+BYJGJ3Tocnvvj73dk+HxAJPLEUEd/PKa8 VwJ6tq2JAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYgR+IQAKCRCJcvTf3G3AJjdOD/ oDc+BTzQ15+vRXjOZrhBIBubYZ54o/oFqBiaqcBS7fVKBRJnI49NttnvRr0tq5MKRb0iNpHL3xMkxk GFX9TWlxpEUn+SN1tpQ258maPyQT8GNoGtciu9zuF04vllZcN+ptH5T3qwpn2GAmM2l0g0Vkak7OF5 MZpoq0WeiyCksDYAee8PMvm0prsUZXTK09MwRtIRnoQu1wK5FzP5d75SvGqsqvz3wY/BChveCjfS3l VpyZS4z0+9DAzl8mcIprS+r0B/jssYOMf5hEp0GHtFSyAypeVxhBmQXZ/p2CWHZ9iO1i4612MrdZHd KtAhE3KFY7NDp+FrxE8wB5u0fPm37VgZpliIsqDyo8yzolv3K67bXRQjxmUaPlYROqicxECfx5T7mV FjCCPmU+RqAZ1fxfUWUfPIk4LrUABcJrkPESZuEvyN5JVGdor6AbxOb1Nq4KcjEeVWEFWV7EyjvOoa NvplB4ov4uWSmIbvfkC5z9tFrKXBRTAklxBoHfZaYqGO7/sRpexsQiNW6wsLQ7hAJer6E1hoh48t4a XTfdGou6FMR5mNWu0ossHE4tRxATv4D3UfqAaFRaGOEUCDyVldBKTxAiB3mTi1xnCXQKb8xjYvZ0ew 7tJxLr7npTMcGlCEkDsMHq1A3FUPtn4PUnqpPPealHSKdpL2NfYlk1rtNqrA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org As a quick way to test SECCOMP_RET_KILL, have a negative errno mean to kill the process. While we're in here, also swap the arch and syscall arguments so they're ordered more like how seccomp filters order them. Signed-off-by: Kees Cook --- samples/seccomp/dropper.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/samples/seccomp/dropper.c b/samples/seccomp/dropper.c index cc0648eb389e..4bca4b70f665 100644 --- a/samples/seccomp/dropper.c +++ b/samples/seccomp/dropper.c @@ -25,7 +25,7 @@ #include #include -static int install_filter(int nr, int arch, int error) +static int install_filter(int arch, int nr, int error) { struct sock_filter filter[] = { BPF_STMT(BPF_LD+BPF_W+BPF_ABS, @@ -42,6 +42,10 @@ static int install_filter(int nr, int arch, int error) .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), .filter = filter, }; + if (error == -1) { + struct sock_filter kill = BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL); + filter[4] = kill; + } if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { perror("prctl(NO_NEW_PRIVS)"); return 1; @@ -57,9 +61,10 @@ int main(int argc, char **argv) { if (argc < 5) { fprintf(stderr, "Usage:\n" - "dropper []\n" + "dropper []\n" "Hint: AUDIT_ARCH_I386: 0x%X\n" " AUDIT_ARCH_X86_64: 0x%X\n" + " errno == -1 means SECCOMP_RET_KILL\n" "\n", AUDIT_ARCH_I386, AUDIT_ARCH_X86_64); return 1; }