lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Feb 2022 12:01:00 -0800 From: Kees Cook <keescook@...omium.org> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Robert Święcki <robert@...ecki.net>, Andy Lutomirski <luto@...capital.net>, Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH 0/3] signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE On Fri, Feb 11, 2022 at 11:46:53AM -0600, Eric W. Biederman wrote: > Robert Święcki <robert@...ecki.net> writes: > > When I noticed this problem, I was looking for a way to figure out > > what syscall caused SIGSYS (via SECCOMP_RET_KILL_*), and there's no > > easy way to do that programmatically from the perspective of a parent > > process. There are three ways of doing this that come to mind. > > Unless I am misunderstanding what you are looking for > this information is contained within the SIGSYS siginfo. > The field si_syscall contains the system call number and > the field si_errno contains return code from the seccomp filter. > > All of that can be read from the core dump of the process that exited. > > Looking quickly I don't see a good way to pull that signal information > out of the kernel other than with a coredump. > > It might be possible to persuade PTRACE_EVENT_EXIT to give it to you, > but I haven't looked at it enough to see if that would be a sensible > strategy. If there is already a ptrace on the child with PTRACE_O_TRACEEXIT, it should be possible to use PTRACE_GETSIGINFO. > > I think it'd be good to have some way of doing it from the perspective > > of a parent process - it'd simplify development of sandboxing managers > > (eg nsjail, minijail, firejail), and creation of good seccomp > > policies. > > By development do you mean debugging sandbox managers? Or do you mean > something that sandbox managers can use on a routine basis? It'd really be nice to be able to get this info without the ptrace relationship already in place... hmmm. -- Kees Cook
Powered by blists - more mailing lists