| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7a101bfc-b045-35f8-aa3f-a18ecc896fc8@gmail.com>
Date: Fri, 1 Mar 2019 16:13:46 +0100
From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To: Tycho Andersen <tycho@...ho.ws>
Cc: mtk.manpages@...il.com, "Serge E. Hallyn" <serge@...lyn.com>,
linux-man@...r.kernel.org, Kees Cook <keescook@...omium.org>,
Linux API <linux-api@...r.kernel.org>,
lkml <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
Jann Horn <jann@...jh.net>, Oleg Nesterov <oleg@...hat.com>,
Christian Brauner <christian@...uner.io>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Containers <containers@...ts.linux-foundation.org>,
Aleksa Sarai <asarai@...e.de>,
Tyler Hicks <tyhicks@...onical.com>,
Akihiro Suda <suda.akihiro@....ntt.co.jp>
Subject: Re: [PATCH 2/2] seccomp.2: document userspace notification
On 3/1/19 3:53 PM, Tycho Andersen wrote:
> On Thu, Feb 28, 2019 at 02:25:55PM +0100, Michael Kerrisk (man-pages) wrote:
>>> 7. The monitoring process can use the information in the
>>> 'struct seccomp_notif' to make a determination about the
>>> system call being made by the target process. This
>>> structure includes a 'data' field that is the same
>>> 'struct seccomp_data' that is passed to a BPF filter.
>>>
>>> In addition, the monitoring process may make use of other
>>> information that is available from user space. For example,
>>> it may inspect the memory of the target process (whose PID
>>> is provided in the 'struct seccomp_notif') using
>>> /proc/PID/mem, which includes inspecting the values
>>> pointed to by system call arguments (whose location is
>>> available 'seccomp_notif.data.args). However, when using
>>> the target process PID in this way, one must guard against
>>> PID re-use race conditions using the seccomp()
>>> SECCOMP_IOCTL_NOTIF_ID_VALID operation.
>>>
>>> 8. Having arrived at a decision about the target process's
>>> system call, the monitoring process can inform the kernel
>>> of its decision using the operation
>>>
>>> ioctl(listenfd, SECCOMP_IOCTL_NOTIF_SEND, respptr)
>>>
>>> where the third argument is a pointer to a
>>> 'struct seccomp_notif_resp'. [Some more details
>>> needed here, but I still don't yet understand fully
>>> the semantics of the 'error' and 'val' fields.]
>>
>> So clearly, I misunderstood these last two steps.
>>
>> (7) is something like: discover information in userspace
>> as required; perform userspace actions if appropriate
>> (perhaps doing the system call operation "on behalf of" the
>> target process).
>>
>>
>> (8) is something like:
>> set 'error' and 'val' to return info to the target process:
>> * error != 0 ==> make it look like the syscall failed,
>> with 'errno' set to that value
That piece should be amended:
error < 0 ==> make it look like syscall failed.
error > 0 ==> make it look like the syscall succeeded
and returned 'error'
Is that really supposed to happen?
>> * error == 0 ==> make it look like the syscall succeeded
>> and returned 'val'
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists