lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 17 May 2020 21:21:56 +1000
From:   Aleksa Sarai <asarai@...e.de>
To:     Christian Brauner <christian.brauner@...ntu.com>
Cc:     Kees Cook <keescook@...omium.org>, linux-api@...r.kernel.org,
        containers@...ts.linux-foundation.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] seccomp: Add group_leader pid to seccomp_notif

On 2020-05-17, Christian Brauner <christian.brauner@...ntu.com> wrote:
> Or... And that's more invasive but ultimately cleaner we v2 the whole
> thing so e.g. SECCOMP_IOCTL_NOTIF_RECV2, SECCOMP_IOCTL_NOTIF_SEND2, and
> embedd the size argument in the structs. Userspace sets the size
> argument, we use get_user() to get the size first and then
> copy_struct_from_user() to handle it cleanly based on that. A similar
> model as with sched (has other unrelated quirks because they messed up
> something too):
> 
> static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *attr)
> {
> 	u32 size;
> 	int ret;
> 
> 	/* Zero the full structure, so that a short copy will be nice: */
> 	memset(attr, 0, sizeof(*attr));
> 
> 	ret = get_user(size, &uattr->size);
> 	if (ret)
> 		return ret;
> 
> 	/* ABI compatibility quirk: */
> 	if (!size)
> 		size = SCHED_ATTR_SIZE_VER0;
> 	if (size < SCHED_ATTR_SIZE_VER0 || size > PAGE_SIZE)
> 		goto err_size;
> 
> 	ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size);
> 	if (ret) {
> 		if (ret == -E2BIG)
> 			goto err_size;
> 		return ret;
> 	}
> 
> We're probably the biggest user of this right now and I'd be ok with
> that change. If it's a v2 than whatever. :)

I'm :+1: on a new version and switch to copy_struct_from_user(). I was a
little surprised when I found out that user_notif doesn't do it this
way a while ago (and although in theory it is userspace's fault, ideally
we could have an API that doesn't have built-in footguns).

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ