| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220210025321.787113-1-keescook@chromium.org>
Date: Wed, 9 Feb 2022 18:53:18 -0800
From: Kees Cook <keescook@...omium.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Kees Cook <keescook@...omium.org>,
Robert Święcki <robert@...ecki.net>,
Andy Lutomirski <luto@...capital.net>,
Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH 0/3] signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
Hi,
This fixes the signal refactoring to actually kill unkillable processes
when receiving a fatal SIGSYS from seccomp. Thanks to Robert for the
report and Eric for the fix! I've also tweaked seccomp internal a bit to
fail more safely. This was a partial seccomp bypass, in the sense that
SECCOMP_RET_KILL_* didn't kill the process, but it didn't bypass other
aspects of the filters. (i.e. the syscall was still blocked, etc.)
I'll be sending this to Linus after a bit more testing...
Thanks,
-Kees
Kees Cook (3):
signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
seccomp: Invalidate seccomp mode to catch death failures
samples/seccomp: Adjust sample to also provide kill option
kernel/seccomp.c | 10 ++++++++++
kernel/signal.c | 5 +++--
samples/seccomp/dropper.c | 9 +++++++--
3 files changed, 20 insertions(+), 4 deletions(-)
--
2.30.2
Powered by blists - more mailing lists