Wednesday, February 25, 2009

Linux kernel minor "seccomp" vulnerability

I just released some technical details on why and how "seccomp" is vulnerable to the Linux kernel syscall filtering problems that I previously blogged about. The full details may be found here:

The actual bug is of little significance because pretty much no-one uses seccomp:

This searches for the PR_SET_SECCOMP string on Google Code Search

In addition, even if people did use it, the bug is not a full break-out, just some leakage of filesystem names via stat() or mischief via unrestricted chmod().

However, I still find this vulnerability interesting. It's a sobering reminder that even a very simple security technology can have surprising bugs. seccomp applies extremely tight restrictions on untrusted code, but within these constraints, the code still has opportunities to misbehave! And this isn't the only example. For reference, check out how a seccomp-constrained process could historically cause trouble in the syscall tracing path with:

CVE-2007-4573: trouble with the upper 32 bits of %rax not being cleared

CVE-2008-1615: trouble calling syscalls with a bad value in the %cs register

CVE-2004-0001: trouble with EFLAGS, unknown trigger
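As an added illustration (not code from this post or from the kernel), the harness below checks the property the bug above violated: a process in seccomp strict mode (PR_SET_SECCOMP, mode 1) may write(), but must be killed with SIGKILL the moment it calls stat(). Each probe runs in a forked child so the parent can observe how the child ended; the probe names and the /etc/passwd path are my own choices.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/seccomp.h>   /* SECCOMP_MODE_STRICT: only read/write/exit/sigreturn */
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
enum probe_result { PROBE_UNSUPPORTED = -1, PROBE_ALLOWED = 0, PROBE_KILLED = 1, PROBE_OTHER = 2 };

/* Fork a child, switch it to seccomp strict mode and run 'probe' there.
 * PROBE_ALLOWED: the child finished using only permitted syscalls;
 * PROBE_KILLED: the kernel sent SIGKILL for a forbidden one;
 * PROBE_UNSUPPORTED: prctl(PR_SET_SECCOMP) is not available here. */
static int run_in_strict_seccomp(void (*probe)(void)) {
    fflush(stdout);                  /* avoid duplicating buffered output */
    pid_t pid = fork();
    if (pid < 0) return PROBE_OTHER;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0) _exit(42);
        probe();
        /* glibc's _exit() uses exit_group, which mode 1 forbids; use plain exit. */
        syscall(SYS_exit, 0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return PROBE_OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return PROBE_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42) return PROBE_UNSUPPORTED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return PROBE_ALLOWED;
    return PROBE_OTHER;
}

/* write() is on the allow list, so this probe survives. */
static void probe_write(void) {
    static const char msg[] = "write() under seccomp strict mode: ok\n";
    (void)write(STDOUT_FILENO, msg, sizeof msg - 1);
}

/* stat() is not: a correct kernel kills the child on the spot. */
static void probe_stat(void) {
    struct stat st;
    (void)stat("/etc/passwd", &st);   /* constructed path; any file would do */
}

int main(void) {
    printf("write probe: %d (expect 0)\n", run_in_strict_seccomp(probe_write));
    printf("stat probe:  %d (expect 1)\n", run_in_strict_seccomp(probe_stat));
    return 0;
}
```

If the kernel or container blocks PR_SET_SECCOMP, both probes report -1 rather than a misleading pass.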
