[Precise][SRU][PATCH] UBUNTU: SAUCE: backport ARM seccomp-bpf support

Kees Cook keescook at chromium.org
Thu Nov 7 17:21:40 UTC 2013


Hi,

On Thu, Nov 7, 2013 at 6:32 AM, Andy Whitcroft <apw at canonical.com> wrote:
> On Wed, Nov 06, 2013 at 12:57:10PM -0800, Kees Cook wrote:
>> This is a behavioral backport of the upstream ARM seccomp-bpf support,
>> with as few changes as possible. This passes the seccomp test suite on
>> both x86 and ARM.
>
> Could you drop in a pointer to this test suite for us, we might well be
> interested in using that.

Sure! I actually already added that to the bug[1] report, since that
seemed the right place to collect the SRU details. Repeating it here
for good measure:

[Test Case]
git clone https://github.com/redpig/seccomp.git
cd seccomp/tests
make
./seccomp_bpf_tests
All tests should pass

> Could you confirm that this should not affect operations but is mostly
> fixing up holes that might be exploitable.

It does not change x86 operation, and does not fix exploitable holes.
It simply makes seccomp-bpf available at all on ARM. Before this
patch, seccomp-bpf couldn't be used on ARM. The driving motivation
here is to get Chrome on ARM on Precise making use of its full
sandboxing capabilities.

> Otherwise I assume what this does is bring what is in Precise up to the
> same level as mainline, allowing us to guarantee that more modern
> consumers of this interface will work consistently on all releases back
> to Precise.

Correct -- in the core seccomp, it fixes 1 extremely minor difference
between Precise and mainline (the action masks), but that change has
no behavioral difference for "real" seccomp filters, and the old
situation posed no risk to the system for a "bad" seccomp filter. It
was simply noticed during the much more strict test case execution.

Besides that, it just wires up everything that is required on ARM to
call into seccomp correctly.

-Kees

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1183616

-- 
Kees Cook
Chrome OS Security
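An added example, not code from the patch or from the seccomp test suite discussed above: once the same seccomp-bpf filter can run on both x86 and ARM, a filter has to check the `arch` field before trusting the syscall number, and its return values split into action and data bits via the masks the thread mentions. `THIS_ARCH`, `filter`, `seccomp_filter_len`, `seccomp_ret_action`, `seccomp_ret_data` and `install_filter` are names chosen here for illustration; the denied syscall (uname) is a constructed choice.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* AUDIT_ARCH value for the build target, so the filter can refuse syscalls
 * that arrive with another architecture's numbering (constructed example). */
#if defined(__arm__)
#define THIS_ARCH AUDIT_ARCH_ARM
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#define THIS_ARCH AUDIT_ARCH_X86_64
#endif

static struct sock_filter filter[] = {
    /* Kill the task if the arch field is not the one we were built for. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    /* Deny uname(2) with EPERM carried in the data bits; allow the rest. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_uname, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

size_t seccomp_filter_len(void) { return sizeof(filter) / sizeof(filter[0]); }

/* Split a filter return value into the action the kernel acts on and the
 * data payload (for SECCOMP_RET_ERRNO, the errno value) using the masks. */
unsigned int seccomp_ret_action(unsigned int ret) { return ret & SECCOMP_RET_ACTION; }
unsigned int seccomp_ret_data(unsigned int ret) { return ret & SECCOMP_RET_DATA; }

/* Returns 0 on success; on a kernel without filter mode (such as Precise on
 * ARM before this backport) prctl fails with EINVAL. */
int install_filter(void) {
    struct sock_fprog prog = { .len = (unsigned short)seccomp_filter_len(),
                               .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void) {
    if (install_filter() != 0) { perror("seccomp-bpf unavailable"); return 1; }
    puts("filter installed; uname(2) now fails with EPERM");
    return 0;
}
```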
