WIP/fixbpf #13

crtxcr · 2021-08-12T12:30:59+02:00

crtxcr がコメント

2021-08-12 12:30:59 +02:00

オーナー

TODO:

EACCES is hardcoded
Shrink BPF filter.

TODO: - EACCES is hardcoded - Shrink BPF filter.

crtxcr が 3 コミット追加 2021-08-12 12:31:00 +02:00

5cd45c09b7 bpf: Use SECCOMP_RET_KILL_PROCESS instead SECCOMP_RET_KILL

We generally want to kill the process not the thread.

66c6d28dcd bpf: Check arch value

The filter was missing this check for arch, allowing bypasses
by using different calling conventions of other architectures.

A trivial example is execve() of x86 from and x86_64 process.

51844ea3ab bpf: Deny x32 system calls for now

The arch field is the same for x86_64 and x32, thus checking it
is not enough.

Simply using x32 system calls would allow a bypass. Thus,
we must check whether the system call number is in __X32_SYSCALL_BIT.

This is of course a lazy solution, we could also add the
same system call number + _X32_SYSCALL_BIT to our black/whitelists.

For now however, this however will do.

crtxcr が WIP/fixbpf を強制プッシュ ( 89c5496fab から 83487c1699 へ ) 2021-09-05 12:32:25 +02:00 比較

crtxcr が WIP/fixbpf を強制プッシュ ( 91a9b778eb から 8a9b1730de へ ) 2021-09-05 17:14:14 +02:00 比較

crtxcr が 1 コミット追加 2021-09-05 17:24:46 +02:00

411e00715d Rename qssb_append_default_syscall_policy() to better distinguish it from qssb_append_syscall_default_policy()

crtxcr が 1 コミット追加 2021-09-06 21:53:45 +02:00

215032f32c enable_no_fs(): Fix corresponding test by adding missing default policy

crtxcr がプルリクエストをクローズ

2021-09-06 21:58:06 +02:00