| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrV8TNtc6oc=UdeoskSfaU5M79gW=EnvkHqw6=q=1DDnTA@mail.gmail.com> Date: Wed, 6 Nov 2013 13:49:43 -0800 From: Andy Lutomirski <luto@...capital.net> To: Kees Cook <keescook@...omium.org> Cc: Will Drewry <wad@...omium.org>, Russell King - ARM Linux <linux@....linux.org.uk>, Eric Paris <eparis@...hat.com>, Richard Weinberger <richard@....at>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, libseccomp-discuss@...ts.sourceforge.net, linux-arm-kernel <linux-arm-kernel@...ts.infradead.org> Subject: Re: [libseccomp-discuss] ARM audit, seccomp, etc are broken wrt OABI syscalls On Wed, Nov 6, 2013 at 1:26 PM, Kees Cook <keescook@...omium.org> wrote: > On Wed, Nov 6, 2013 at 1:20 PM, Will Drewry <wad@...omium.org> wrote: >> On Wed, Nov 6, 2013 at 9:51 AM, Russell King - ARM Linux >> <linux@....linux.org.uk> wrote: >>> On Wed, Nov 06, 2013 at 10:32:31AM -0500, Eric Paris wrote: >>>> On Tue, 2013-11-05 at 14:36 -0800, Andy Lutomirski wrote: >>>> > 1. Set a different audit arch for OABI syscalls (e.g. >>>> > AUDIT_ARCH_ARMOABI). That is, treat OABI syscall entries the same way >>>> > that x86_64 treats int 80. >>>> >>>> As the audit maintainer, I like #1. It might break ABI, but the ABI is >>>> flat wrong now and not maintainable... >>> >>> If you read the whole thread, you will see that this corner case is just >>> not worth the effort to support. Audit may as well be disabled by >>> kernel config if any OABI support is enabled. >> >> This might be the best move for seccomp too (as Kees suggested). I'd >> love to have audit arch visibility, but it's not clear that it's worth >> any sort of larger changes ... >> >> ... like adding a task_thread_info.compat flag that bubbles up to >> syscall_get_arch(), or if we assume consumers of syscall_get_nr() are >> broken today (I haven't checked), then it would be possible to at >> least re-add the 0x900000 bits, if compat, before handing back the >> system call number but leave the audit arch pieces alone. That would fix the main issue, but I bet that no one will ever do anything on the userspace side other than treating those syscalls like any other unknown syscall. > > How does this look, for the seccomp part? > > -Kees > > diff --git a/arch/Kconfig b/arch/Kconfig > index af2cc6eabcc7..3610c2d9910f 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -331,7 +331,7 @@ config HAVE_ARCH_SECCOMP_FILTER > > config SECCOMP_FILTER > def_bool y > - depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET > + depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET && !OABI_COMPAT > help > Enable tasks to build secure computing environments defined > in terms of Berkeley Packet Filter programs which implement > Works for me. Of course, I don't maintain any of this stuff, so I don't have to deal with it :) It's probably work adding some text either in CONFIG_SECCOMP_FILTER or CONFIG_OABI_COMPAT explaining what the problem is. FWIW, does syscall restart work with OABI_COMPAT? I've never understood the syscall restart mechanism, but x86 had an issue awhile back when with sysenter vs. syscall that was kind of similar. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists