| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHsH6GsXacPXiEz7amTcgBfWdiOJx2G3cAMdSdnkqOnJ+opqQg@mail.gmail.com> Date: Tue, 21 Jan 2025 06:47:35 -0800 From: Eyal Birger <eyal.birger@...il.com> To: Jiri Olsa <olsajiri@...il.com> Cc: Kees Cook <kees@...nel.org>, luto@...capital.net, wad@...omium.org, oleg@...hat.com, ldv@...ace.io, mhiramat@...nel.org, andrii@...nel.org, alexei.starovoitov@...il.com, cyphar@...har.com, songliubraving@...com, yhs@...com, john.fastabend@...il.com, peterz@...radead.org, tglx@...utronix.de, bp@...en8.de, daniel@...earbox.net, ast@...nel.org, andrii.nakryiko@...il.com, rostedt@...dmis.org, rafi@....io, shmulik.ladkani@...il.com, bpf@...r.kernel.org, linux-api@...r.kernel.org, linux-trace-kernel@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] seccomp: passthrough uretprobe systemcall without filtering Hi, On Tue, Jan 21, 2025 at 6:38 AM Jiri Olsa <olsajiri@...il.com> wrote: > > On Sat, Jan 18, 2025 at 07:39:25PM -0800, Eyal Birger wrote: > > SNIP > > > I think I wasn't accurate in my wording. > > The uretprobe syscall is added to the tracee by the kernel. > > The tracer itself is merely requesting to attach a uretprobe bpf > > function. In previous versions, this was implemented by the kernel > > installing an int3 instruction, and in the new implementation the kernel > > is installing a uretprobe syscall. > > The "user" in this case - the tracer program - didn't deliberately install > > the syscall, but anyway this is semantics. > > > > I think I understand your point that it is regarded as "policy", only that > > it creates a problem in actual deployments, where in order to be able to > > run the tracer software which has been working on newer kernels a new docker > > has to be deployed. > > > > I'm trying to find a pragmatic solution to this problem, and I understand > > the motivation to avoid policy in seccomp. > > > > Alternatively, maybe this syscall implementation should be reverted? > > you mentioned in the previous reply: > > > > As far as I can tell libseccomp needs to provide support for this new > > > syscall and a new docker version would need to be deployed, so It's not > > > just a configuration change. Also the default policy which comes packed in > > > docker would probably need to be changed to avoid having to explicitly > > > provide a seccomp configuration for each deployment. > > please disregard if this is too stupid.. but could another way out be just > to disable it (easy to do) and meanwhile teach libseccomp to allow uretprobe > (or whatever mechanism needs to be added to libseccomp) plus the needed > docker change ... to minimize the impact ? Right. the patch I was thinking to suggest wouldn't revert the entire thing, but instead disable its use for now and allow a careful reconsideration of the available options. If that makes sense, I'll post it. > > or there's just too many other seccomp user space libraries I think in theory, the example of a simple binary using "restrict" mode makes it problematic to assume that this can be fixed solely from userspace i.e. for such binary, uretprobes would still work in one kernel version and break on another. It's hard to tell how common this is. > > I'm still trying to come up with some other solution but wanted > to exhaust all the options I could think of > > thanks, > jirka
Powered by blists - more mailing lists