| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Feb 2022 12:17:50 -0600
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Kees Cook <keescook@...omium.org>
Cc: Robert Święcki <robert@...ecki.net>,
Andy Lutomirski <luto@...capital.net>,
Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH 0/3] signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
Kees Cook <keescook@...omium.org> writes:
> Hi,
>
> This fixes the signal refactoring to actually kill unkillable processes
> when receiving a fatal SIGSYS from seccomp. Thanks to Robert for the
> report and Eric for the fix! I've also tweaked seccomp internal a bit to
> fail more safely. This was a partial seccomp bypass, in the sense that
> SECCOMP_RET_KILL_* didn't kill the process, but it didn't bypass other
> aspects of the filters. (i.e. the syscall was still blocked, etc.)
Any luck on figuring out how to suppress the extra event?
>
> I'll be sending this to Linus after a bit more testing...
>
> Thanks,
>
> -Kees
>
> Kees Cook (3):
> signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
> seccomp: Invalidate seccomp mode to catch death failures
> samples/seccomp: Adjust sample to also provide kill option
>
> kernel/seccomp.c | 10 ++++++++++
> kernel/signal.c | 5 +++--
> samples/seccomp/dropper.c | 9 +++++++--
> 3 files changed, 20 insertions(+), 4 deletions(-)
Eric
Powered by blists - more mailing lists