Re: [PATCH] seccomp: Add group_leader pid to seccomp_notif
From: Aleksa Sarai
Date: Sun May 17 2020 - 07:22:08 EST
On 2020-05-17, Christian Brauner <christian.brauner@xxxxxxxxxx> wrote:
> Or... And that's more invasive but ultimately cleaner we v2 the whole
> thing so e.g. SECCOMP_IOCTL_NOTIF_RECV2, SECCOMP_IOCTL_NOTIF_SEND2, and
> embedd the size argument in the structs. Userspace sets the size
> argument, we use get_user() to get the size first and then
> copy_struct_from_user() to handle it cleanly based on that. A similar
> model as with sched (has other unrelated quirks because they messed up
> something too):
>
> static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *attr)
> {
> u32 size;
> int ret;
>
> /* Zero the full structure, so that a short copy will be nice: */
> memset(attr, 0, sizeof(*attr));
>
> ret = get_user(size, &uattr->size);
> if (ret)
> return ret;
>
> /* ABI compatibility quirk: */
> if (!size)
> size = SCHED_ATTR_SIZE_VER0;
> if (size < SCHED_ATTR_SIZE_VER0 || size > PAGE_SIZE)
> goto err_size;
>
> ret = copy_struct_from_user(attr, sizeof(*attr), uattr, size);
> if (ret) {
> if (ret == -E2BIG)
> goto err_size;
> return ret;
> }
>
> We're probably the biggest user of this right now and I'd be ok with
> that change. If it's a v2 than whatever. :)
I'm :+1: on a new version and switch to copy_struct_from_user(). I was a
little surprised when I found out that user_notif doesn't do it this
way a while ago (and although in theory it is userspace's fault, ideally
we could have an API that doesn't have built-in footguns).
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature