Message-Id: <1357578545-2396-1-git-send-email-coreyb@linux.vnet.ibm.com>
Date:	Mon,  7 Jan 2013 12:09:03 -0500
From:	Corey Bryant <coreyb@...ux.vnet.ibm.com>
To:	linux-kernel@...r.kernel.org
Cc:	linux-security-module@...r.kernel.org, jmorris@...ei.org,
	wad@...omium.org, pmoore@...hat.com, otubo@...ux.vnet.ibm.com
Subject: [PATCH v2 1/3] seccomp: Add SECCOMP_RET_INFO return value

Adds a new return value to seccomp filters that causes an
informational kernel message to be printed.  The message
includes the system call number and architecture.

This can be used to learn the system calls that a process
is using.

Signed-off-by: Corey Bryant <coreyb@...ux.vnet.ibm.com>
---
v2:
  - Add arch to message (wad@...omium.org)

 include/uapi/linux/seccomp.h | 1 +
 kernel/seccomp.c             | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index ac2dc9f..0086626 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -22,6 +22,7 @@
 #define SECCOMP_RET_TRAP	0x00030000U /* disallow and force a SIGSYS */
 #define SECCOMP_RET_ERRNO	0x00050000U /* returns an errno */
 #define SECCOMP_RET_TRACE	0x7ff00000U /* pass to a tracer or disallow */
+#define SECCOMP_RET_INFO	0x7ff70000U /* print info message and allow */
 #define SECCOMP_RET_ALLOW	0x7fff0000U /* allow */
 
 /* Masks for the return value sections. */
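
Review bot: the new SECCOMP_RET_INFO define at 0x7ff70000U is not documented anywhere in this patch; the diffstat touches only seccomp.h and seccomp.c. Since the value is placed between SECCOMP_RET_TRACE and SECCOMP_RET_ALLOW, please add a description of the action to the seccomp filter documentation in the same patch, stating how it ranks against the other return values when more than one filter is attached, and whether the low data bits of the return value are used or ignored for this action.
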
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 5af44b5..954bb40 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -433,6 +433,12 @@ int __secure_computing(int this_syscall)
 				goto skip;  /* Explicit request to skip. */
 
 			return 0;
+		case SECCOMP_RET_INFO:
+			if (printk_ratelimit())
+				pr_info("seccomp: syscall=%d, arch=0x%X\n",
+					this_syscall,
+					syscall_get_arch(current, regs));
+			return 0;
 		case SECCOMP_RET_ALLOW:
 			return 0;
 		case SECCOMP_RET_KILL:
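
Review bot: in the SECCOMP_RET_INFO case, gating the message on printk_ratelimit() means calls are allowed but silently left unlogged whenever the shared printk rate limit is hit, so the log cannot be relied on as the complete list of system calls the commit message says this is for. Consider a rate limit private to seccomp, or reporting through the audit subsystem, and note the possible loss in the documentation. The message also carries only syscall and arch, so with more than one filtered task running the lines cannot be attributed; adding the pid and comm of current to the pr_info() format would fix that.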
-- 
1.7.11.7
