Message-ID: <CAGXu5jJzboJ47tZH_BkeXTYgD_QyTpK4gXd8FTpcj-acO-F+VQ@mail.gmail.com>
Date: Fri, 11 Aug 2017 12:17:07 -0700
From: Kees Cook <keescook@...omium.org>
To: Tyler Hicks <tyhicks@...onical.com>
Cc: Andy Lutomirski <luto@...capital.net>,
Will Drewry <wad@...omium.org>,
Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...hat.com>,
John Crispin <john@...ozen.org>,
Tycho Andersen <tycho@...ker.com>, linux-audit@...hat.com,
LKML <linux-kernel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH v6 3/6] seccomp: Sysctl to configure actions that are
allowed to be logged
On Thu, Aug 10, 2017 at 9:33 PM, Tyler Hicks <tyhicks@...onical.com> wrote:
> +static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int write,
> + void __user *buffer, size_t *lenp,
> + loff_t *ppos)
> +{
> + char names[sizeof(seccomp_actions_avail)];
> + struct ctl_table table;
> + int ret;
> +
> + if (write && !capable(CAP_SYS_ADMIN))
> + return -EPERM;
> +
> + memset(names, 0, sizeof(names));
> +
> + if (!write) {
> + if (!seccomp_names_from_actions_logged(names, sizeof(names),
> + seccomp_actions_logged))
> + return -EINVAL;
> + }
> +
> + table = *ro_table;
> + table.data = names;
> + table.maxlen = sizeof(names);
> + ret = proc_dostring(&table, write, buffer, lenp, ppos);
> + if (ret)
> + return ret;
> +
> + if (write) {
> + u32 actions_logged;
> +
> + if (!seccomp_actions_logged_from_names(&actions_logged,
> + table.data))
> + return -EINVAL;
> +
> + if (actions_logged & SECCOMP_LOG_ALLOW)
> + return -EINVAL;
> +
> + seccomp_actions_logged = actions_logged;
> + }
> +
> + return 0;
> +}
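Review bot: In the write branch, the `actions_logged & SECCOMP_LOG_ALLOW` check returns the same -EINVAL as a name that fails to parse in seccomp_actions_logged_from_names(), and nothing in the handler says why "allow" is rejected. A one-line comment above that check would help, and so would a note in the sysctl documentation that writing "allow" fails, so an administrator who sees EINVAL can tell a typo from a deliberately refused action. The local copy `table = *ro_table` with `table.data = names` also deserves a short comment explaining that the string is staged in a stack buffer so that seccomp_actions_logged is only updated after the names have been validated.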
One thought here: should "kill" be always forced on during a write?
This flag effectively cannot be disabled, so listing it (or not) in
the sysctl may be confusing...
-Kees
--
Kees Cook
Pixel Security