Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apparently now libseccomp defines the new syscall numbers. #1495

Closed
wants to merge 1 commit into from
Closed

Apparently now libseccomp defines the new syscall numbers. #1495

wants to merge 1 commit into from

Conversation

dwrensha
Copy link
Collaborator

This undoes #1488. Apparently the latest libseccomp now defines the values? I'm curious whether this will pass in Jenkins...

@dwrensha
Copy link
Collaborator Author

Fascinating. Apparently __NR_seccomp and __NR_bpf are still not defined.

@dwrensha
Copy link
Collaborator Author

It looks like these libseccomp commits got pushed to master yesterday. They include seccomp/libseccomp@d2ca11b, which defines __NR_userfaultfd.

Unfortunately, it gets defined to -10200, which, as far I understand, is not the correct value (and I verified that this is indeed what the Sandstorm supervisor ends up seeing for the value). I guess that this is just meant to be a dummy value?

I'm also confused about why such a definition would exist for the userfaultfd syscall but not for the seccomp and bpf syscalls.

Does anyone have a better understanding of what's going on here? @amluto?

@dwrensha
Copy link
Collaborator Author

This seems to indicate that we should move our #ifndef __NR_userfaultfd so that it happens before we #include <seccomp.h>.

@amluto
Copy link
Contributor

amluto commented Feb 10, 2016 via email

@kentonv
Copy link
Member

kentonv commented Feb 10, 2016

Yeah uh IMO this is a security flaw in libseccomp -- presumably this means that if you build the supervisor against old headers, you silently end up with a sandbox that doesn't filter the newer syscalls. That's really bad!

@amluto I'm always happy to indulge in more NIH. ;)

@kentonv
Copy link
Member

kentonv commented Feb 10, 2016

Hmm actually I suspect what they're doing is making up for old kernel headers by falling back to internal tables. Presumably the weird negative value gets mapped through a table inside the library to get the correct value for the host platform. We should probably test to find out.

It's still weird that they'd override the __NR_* constants which are used by more than just libseccomp. This could mean that someone who uses the syscall() function ends up making a totally bogus syscall.

@amluto amluto mentioned this pull request Feb 12, 2016
Closed
@amluto
Copy link
Contributor

amluto commented Feb 12, 2016

I filed:

seccomp/libseccomp#27

@dwrensha
Copy link
Collaborator Author

Closing due to #1672

@dwrensha dwrensha closed this Mar 20, 2016
@dwrensha dwrensha deleted the un-ifndef branch March 20, 2016 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dwrensha @amluto @kentonv