lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Feb 2022 19:02:38 -0800 From: Kees Cook <keescook@...omium.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org, Andy Lutomirski <luto@...capital.net>, "Eric W. Biederman" <ebiederm@...ssion.com>, Kees Cook <keescook@...omium.org>, Robert Święcki <robert@...ecki.net>, Will Drewry <wad@...omium.org> Subject: [GIT PULL] seccomp fixes for v5.17-rc4 Hi Linus, Please pull these signal and seccomp fixes for v5.17-rc4. This fixes a corner case of fatal SIGSYS being ignored since v5.15. Along with the signal fix is a change to seccomp so that seeing another syscall after a fatal filter result will cause seccomp to kill the process harder. Thanks! -Kees The following changes since commit 26291c54e111ff6ba87a164d85d4a4e134b7315c: Linux 5.17-rc2 (2022-01-30 15:37:07 +0200) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.17-rc4 for you to fetch changes up to eed09ad261822a7bdc441ed192c6f444375e5527: samples/seccomp: Adjust sample to also provide kill option (2022-02-10 19:09:12 -0800) ---------------------------------------------------------------- seccomp fixes for v5.17-rc4 - Force HANDLER_EXIT even for SIGNAL_UNKILLABLE. - Make seccomp self-destruct after fatal filter results. - Update seccomp samples for easier behavioral demonstration. ---------------------------------------------------------------- Kees Cook (3): signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE seccomp: Invalidate seccomp mode to catch death failures samples/seccomp: Adjust sample to also provide kill option kernel/seccomp.c | 10 ++++++++++ kernel/signal.c | 5 +++-- samples/seccomp/dropper.c | 9 +++++++-- 3 files changed, 20 insertions(+), 4 deletions(-) -- Kees Cook
Powered by blists - more mailing lists