lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Jan 2020 13:28:30 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, Aleksa Sarai <cyphar@...har.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Sargun Dhillon <sargun@...gun.me>,
        Tycho Andersen <tycho@...ho.ws>
Subject: [GIT PULL] seccomp fixes for v5.5-rc5

Hi Linus,

Please pull these seccomp fixes for v5.5-rc5. The bulk of this is fixing
the surrounding samples and selftests so that seccomp can correctly
validate the seccomp_notify_ioctl buffer as being initially zeroed.

Thanks!

-Kees

The following changes since commit fd6988496e79a6a4bdb514a4655d2920209eb85d:

  Linux 5.5-rc4 (2019-12-29 15:29:16 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.5-rc5

for you to fetch changes up to e4ab5ccc357b978999328fadae164e098c26fa40:

  selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV (2020-01-02 13:15:45 -0800)

----------------------------------------------------------------
Fixes for seccomp_notify_ioctl uapi sanity

- Fix samples and selftests to zero passed-in buffer (Sargun Dhillon)
- Enforce zeroed buffer checking (Sargun Dhillon)
- Verify buffer sanity check in selftest (Sargun Dhillon)

----------------------------------------------------------------
Sargun Dhillon (4):
      samples/seccomp: Zero out members based on seccomp_notif_sizes
      selftests/seccomp: Zero out seccomp_notif
      seccomp: Check that seccomp_notif is zeroed out by the user
      selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV

 kernel/seccomp.c                              |  7 +++++++
 samples/seccomp/user-trap.c                   |  4 ++--
 tools/testing/selftests/seccomp/seccomp_bpf.c | 15 ++++++++++++++-
 3 files changed, 23 insertions(+), 3 deletions(-)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ