crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity
55 Commits 4 Branches 0 Tags 355 KiB
51844ea3ab
Commit Graph

5 Commits

Author SHA1 Message Date
Albert S
51844ea3ab bpf: Deny x32 system calls for now 
The arch field is the same for x86_64 and x32, thus checking it
is not enough.

Simply using x32 system calls would allow a bypass. Thus,
we must check whether the system call number is in __X32_SYSCALL_BIT.

This is of course a lazy solution, we could also add the
same system call number + _X32_SYSCALL_BIT to our black/whitelists.

For now however, this however will do.
 2021-08-12 12:25:12 +02:00
Albert S
fa06287b13 Use new qssb_append_*_syscall functions, remove old fields 2021-08-12 11:37:19 +02:00
Albert S
4a4d551e75 Introduce "no_fs" and "no_new_fd" options. 
no_fs is a simple way to take away all
FS access, without constructing path_policies etc.

no_new_fd disallows opening any new
file descriptors
 2021-08-10 16:58:43 +02:00
Albert S
a7c04537f7 Rename allowed_syscalls to whitelisted_syscalls for consistency 2021-06-05 20:15:09 +02:00
Albert S
85c01899a9 Start implementing tests 2021-06-05 20:11:07 +02:00