lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Feb 2022 12:17:50 -0600 From: "Eric W. Biederman" <ebiederm@...ssion.com> To: Kees Cook <keescook@...omium.org> Cc: Robert Święcki <robert@...ecki.net>, Andy Lutomirski <luto@...capital.net>, Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH 0/3] signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE Kees Cook <keescook@...omium.org> writes: > Hi, > > This fixes the signal refactoring to actually kill unkillable processes > when receiving a fatal SIGSYS from seccomp. Thanks to Robert for the > report and Eric for the fix! I've also tweaked seccomp internal a bit to > fail more safely. This was a partial seccomp bypass, in the sense that > SECCOMP_RET_KILL_* didn't kill the process, but it didn't bypass other > aspects of the filters. (i.e. the syscall was still blocked, etc.) Any luck on figuring out how to suppress the extra event? > > I'll be sending this to Linus after a bit more testing... > > Thanks, > > -Kees > > Kees Cook (3): > signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE > seccomp: Invalidate seccomp mode to catch death failures > samples/seccomp: Adjust sample to also provide kill option > > kernel/seccomp.c | 10 ++++++++++ > kernel/signal.c | 5 +++-- > samples/seccomp/dropper.c | 9 +++++++-- > 3 files changed, 20 insertions(+), 4 deletions(-) Eric
Powered by blists - more mailing lists