lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Aug 2017 15:05:12 -0700
From:   Kees Cook <keescook@...omium.org>
To:     linux-kernel@...r.kernel.org
Cc:     Kees Cook <keescook@...omium.org>,
        Tyler Hicks <tyhicks@...onical.com>,
        Fabricio Voznika <fvoznika@...gle.com>,
        Paul Moore <paul@...l-moore.com>,
        Tycho Andersen <tycho@...ker.com>,
        Andy Lutomirski <luto@...capital.net>,
        Will Drewry <wad@...omium.org>, Shuah Khan <shuah@...nel.org>,
        Mathias Svensson <idolf@...gle.com>,
        James Morris <james.l.morris@...cle.com>,
        linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-api@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: [PATCH v4 0/4] seccomp: Implement SECCOMP_RET_KILL_PROCESS action

This series is the result of Fabricio, Tyler, Will and I going around a
few times on possible solutions for finding a way to enhance RET_KILL
to kill the process group. There's a lot of ways this could be done,
but I wanted something that felt cleanest. My sense of what constitutes
"clean" has shifted a few times, and after continually running into
weird corner cases, I decided to make changes to the seccomp action mask,
which shouldn't be too invasive to userspace as it turns out. Everything
else becomes much easier, especially after being able to use Tyler's
new SECCOMP_GET_ACTION_AVAIL operation.

This renames SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD and adds
SECCOMP_RET_KILL_PROCESS.

Please take a look!

Thanks,

-Kees

v4:
- basically only kept the selftests, tossed everything else
- expanded SECCOMP_RET_ACTION mask into SECCOMP_RET_ACTION_FULL
- renamed SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD
- added SECCOMP_RET_KILL_PROCESS as "-1" value, below 0 (RET_KILL)
- use signed tests in the kernel for seccomp actions

v3:
- adjust seccomp_run_filters() to avoid later filters from masking
  kill-process RET_KILL actions (drewry)
- add test for masked RET_KILL.

v2:
- moved kill_process bool into struct padding gap (tyhicks)
- improved comments/docs in various places for clarify (tyhicks)
- use ASSERT_TRUE() for WIFEXITED and WIFSIGNALLED (tyhicks)
- adding Reviewed-bys from tyhicks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ