Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932188AbVIEDyr (ORCPT ); Sun, 4 Sep 2005 23:54:47 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932190AbVIEDyr (ORCPT ); Sun, 4 Sep 2005 23:54:47 -0400 Received: from ppp-217-133-42-200.cust-adsl.tiscali.it ([217.133.42.200]:32322 "EHLO g5.random") by vger.kernel.org with ESMTP id S932188AbVIEDyq (ORCPT ); Sun, 4 Sep 2005 23:54:46 -0400 Date: Mon, 5 Sep 2005 05:54:32 +0200 From: Andrea Arcangeli To: Andrew Morton Cc: Roland McGrath , linux-kernel@vger.kernel.org, cpushare-devel@cpushare.com Subject: [patch] i386 seccomp fix for auditing/ptrace Message-ID: <20050905035432.GG17185@g5.random> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.9i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1871 Lines: 59 Hello, This is the same issue as ppc64 before, when returning to userland we shouldn't re-compute the seccomp check or the task could be killed during sigreturn when orig_eax is overwritten by the sigreturn syscall. This was found by Roland. This was harmless from a security standpoint, but some i686 users reported failures with auditing enabled system wide (some distro surprisingly makes it the default) and I reproduced it too by keeping the whole workload under strace -f. Patch is tested and works for me under strace -f. nobody@athlon:~/cpushare> strace -o /tmp/o -f python seccomp_test.py make: Nothing to be done for `seccomp_test'. Starting computing some malicious bytecode init load start stop receive_data failure kill exit_code 0 signal 9 The malicious bytecode has been killed successfully by seccomp Starting computing some safe bytecode init load start stop 174 counts kill exit_code 0 signal 0 The seccomp_test.py completed successfully, thank you for testing. Thanks. Signed-off-by: Andrea Arcangeli diff -r 1df7bfbb783f arch/i386/kernel/ptrace.c --- a/arch/i386/kernel/ptrace.c Fri Sep 2 09:01:35 2005 +++ b/arch/i386/kernel/ptrace.c Mon Sep 5 05:30:49 2005 @@ -680,8 +680,9 @@ __attribute__((regparm(3))) void do_syscall_trace(struct pt_regs *regs, int entryexit) { - /* do the secure computing check first */ - secure_computing(regs->orig_eax); + if (!entryexit) + /* do the secure computing check first */ + secure_computing(regs->orig_eax); if (unlikely(current->audit_context) && entryexit) audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), regs->eax); - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/