| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Dec 2018 23:01:08 -0600
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Tycho Andersen <tycho@...ho.ws>,
Michael Kerrisk <mtk.manpages@...il.com>,
Paul Moore <paul@...l-moore.com>
Cc: Kees Cook <keescook@...omium.org>,
Andy Lutomirski <luto@...capital.net>,
Oleg Nesterov <oleg@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
"Serge E . Hallyn" <serge@...lyn.com>,
Christian Brauner <christian@...uner.io>,
Tyler Hicks <tyhicks@...onical.com>,
Akihiro Suda <suda.akihiro@....ntt.co.jp>,
Aleksa Sarai <asarai@...e.de>, Jann Horn <jannh@...gle.com>,
linux-kernel@...r.kernel.org,
containers@...ts.linux-foundation.org, linux-api@...r.kernel.org
Subject: Re: [PATCH v9 2/4] seccomp: switch system call argument type to void
*
On Sun, Dec 02, 2018 at 08:28:25PM -0700, Tycho Andersen wrote:
> The const qualifier causes problems for any code that wants to write to the
> third argument of the seccomp syscall, as we will do in a future patch in
> this series.
>
> The third argument to the seccomp syscall is documented as void *, so
> rather than just dropping the const, let's switch everything to use void *
> as well.
>
> I believe this is safe because of 1. the documentation above, 2. there's no
> real type information exported about syscalls anywhere besides the man
> pages.
>
> Signed-off-by: Tycho Andersen <tycho@...ho.ws>
> CC: Kees Cook <keescook@...omium.org>
> CC: Andy Lutomirski <luto@...capital.net>
> CC: Oleg Nesterov <oleg@...hat.com>
> CC: Eric W. Biederman <ebiederm@...ssion.com>
> CC: "Serge E. Hallyn" <serge@...lyn.com>
Acked-by: Serge Hallyn <serge@...lyn.com>
Though I'm not entirely convinced there will be no ill effects of changing
the argument type. I'll feel comfortable when Michael and Paul say it's
fine :)
> CC: Christian Brauner <christian@...uner.io>
> CC: Tyler Hicks <tyhicks@...onical.com>
> CC: Akihiro Suda <suda.akihiro@....ntt.co.jp>
> ---
> include/linux/seccomp.h | 2 +-
> kernel/seccomp.c | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
> index e5320f6c8654..b5103c019cf4 100644
> --- a/include/linux/seccomp.h
> +++ b/include/linux/seccomp.h
> @@ -43,7 +43,7 @@ extern void secure_computing_strict(int this_syscall);
> #endif
>
> extern long prctl_get_seccomp(void);
> -extern long prctl_set_seccomp(unsigned long, char __user *);
> +extern long prctl_set_seccomp(unsigned long, void __user *);
>
> static inline int seccomp_mode(struct seccomp *s)
> {
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 96afc32e041d..393e029f778a 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -924,7 +924,7 @@ static long seccomp_get_action_avail(const char __user *uaction)
>
> /* Common entry point for both prctl and syscall. */
> static long do_seccomp(unsigned int op, unsigned int flags,
> - const char __user *uargs)
> + void __user *uargs)
> {
> switch (op) {
> case SECCOMP_SET_MODE_STRICT:
> @@ -944,7 +944,7 @@ static long do_seccomp(unsigned int op, unsigned int flags,
> }
>
> SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
> - const char __user *, uargs)
> + void __user *, uargs)
> {
> return do_seccomp(op, flags, uargs);
> }
> @@ -956,10 +956,10 @@ SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned int, flags,
> *
> * Returns 0 on success or -EINVAL on failure.
> */
> -long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
> +long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)
> {
> unsigned int op;
> - char __user *uargs;
> + void __user *uargs;
>
> switch (seccomp_mode) {
> case SECCOMP_MODE_STRICT:
> --
> 2.19.1
Powered by blists - more mailing lists