[PATCH 14/14] um/ptrace: run seccomp after ptrace

[PATCH 00/14] run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 03/14] x86/entry: Get rid of two-phase syscall entry work · Kees Cook <hidden> · 2016-06-09
[PATCH 05/14] seccomp: recheck the syscall after RET_TRACE · Kees Cook <hidden> · 2016-06-09
Re: [PATCH 05/14] seccomp: recheck the syscall after RET_TRACE · Andy Lutomirski <luto@amacapital.net> · 2016-06-09
[PATCH 12/14] powerpc/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 09/14] MIPS/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 07/14] arm/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 06/14] x86/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
Re: [PATCH 06/14] x86/ptrace: run seccomp after ptrace · Andy Lutomirski <luto@amacapital.net> · 2016-06-09
Re: [PATCH 06/14] x86/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-10
Re: [PATCH 06/14] x86/ptrace: run seccomp after ptrace · Andy Lutomirski <luto@amacapital.net> · 2016-06-14
[PATCH 04/14] seccomp: remove 2-phase API · Kees Cook <hidden> · 2016-06-09
[PATCH 13/14] tile/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 14/14] um/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 11/14] s390/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
Re: [PATCH 11/14] s390/ptrace: run seccomp after ptrace · Martin Schwidefsky <hidden> · 2016-06-10
[PATCH 10/14] parisc/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 08/14] arm64/ptrace: run seccomp after ptrace · Kees Cook <hidden> · 2016-06-09
[PATCH 01/14] seccomp: add tests for ptrace hole · Kees Cook <hidden> · 2016-06-09
[PATCH 02/14] seccomp: Add a seccomp_data parameter secure_computing() · Kees Cook <hidden> · 2016-06-09
Re: [PATCH 00/14] run seccomp after ptrace · Kees Cook <hidden> · 2016-06-13

From: Kees Cook <hidden>
Date: 2016-06-09 21:05:55
Also in: linux-arch, linux-arm-kernel, linux-s390, linux-um, linuxppc-dev, lkml
Subsystem: the rest, user-mode linux (uml) · Maintainers: Linus Torvalds, Richard Weinberger, Anton Ivanov, Johannes Berg

Close the hole where ptrace can change a syscall out from under seccomp.

Signed-off-by: Kees Cook <redacted>
Cc: Jeff Dike <redacted>
Cc: Richard Weinberger <richard@nod.at>
Cc: user-mode-linux-devel@lists.sourceforge.net
---
 arch/um/kernel/skas/syscall.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/arch/um/kernel/skas/syscall.c b/arch/um/kernel/skas/syscall.c
index 9c5570f0f397..ef4b8f949b51 100644
--- a/arch/um/kernel/skas/syscall.c
+++ b/arch/um/kernel/skas/syscall.c

@@ -20,12 +20,12 @@ void handle_syscall(struct uml_pt_regs *r)
 	UPT_SYSCALL_NR(r) = PT_SYSCALL_NR(r->gp);
 	PT_REGS_SET_SYSCALL_RETURN(regs, -ENOSYS);
 
-	/* Do the secure computing check first; failures should be fast. */
-	if (secure_computing(NULL) == -1)
+	if (syscall_trace_enter(regs))
 		return;
 
-	if (syscall_trace_enter(regs))
-		goto out;
+	/* Do the seccomp check after ptrace; failures should be fast. */
+	if (secure_computing(NULL) == -1)
+		return;
 
 	/* Update the syscall number after orig_ax has potentially been updated
 	 * with ptrace.

@@ -37,6 +37,5 @@ void handle_syscall(struct uml_pt_regs *r)
 		PT_REGS_SET_SYSCALL_RETURN(regs,
 				EXECUTE_SYSCALL(syscall, regs));
 
-out:
 	syscall_trace_leave(regs);
 }

-- 
2.7.4

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help