lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202202111856.4A98232C9D@keescook>
Date:   Fri, 11 Feb 2022 19:02:38 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Andy Lutomirski <luto@...capital.net>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        Robert Święcki <robert@...ecki.net>,
        Will Drewry <wad@...omium.org>
Subject: [GIT PULL] seccomp fixes for v5.17-rc4

Hi Linus,

Please pull these signal and seccomp fixes for v5.17-rc4. This fixes a
corner case of fatal SIGSYS being ignored since v5.15. Along with the
signal fix is a change to seccomp so that seeing another syscall after
a fatal filter result will cause seccomp to kill the process harder.

Thanks!

-Kees

The following changes since commit 26291c54e111ff6ba87a164d85d4a4e134b7315c:

  Linux 5.17-rc2 (2022-01-30 15:37:07 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/seccomp-v5.17-rc4

for you to fetch changes up to eed09ad261822a7bdc441ed192c6f444375e5527:

  samples/seccomp: Adjust sample to also provide kill option (2022-02-10 19:09:12 -0800)

----------------------------------------------------------------
seccomp fixes for v5.17-rc4

- Force HANDLER_EXIT even for SIGNAL_UNKILLABLE.
- Make seccomp self-destruct after fatal filter results.
- Update seccomp samples for easier behavioral demonstration.

----------------------------------------------------------------
Kees Cook (3):
      signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
      seccomp: Invalidate seccomp mode to catch death failures
      samples/seccomp: Adjust sample to also provide kill option

 kernel/seccomp.c          | 10 ++++++++++
 kernel/signal.c           |  5 +++--
 samples/seccomp/dropper.c |  9 +++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ