[SRU Bionic/Impish 0/1] LP: #1972740 Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue May 10 00:42:50 UTC 2022
[Impact]
PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process.
However, setting this option requires privilege when used with
PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is
required. This allows sandboxed processes to exit the sandbox if they are
allowed to use ptrace.
[Test case]
Run the reproducer from https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.
[Potential regression]
This may break ptrace users, especially ones using PTRACE_SEIZE or
PTRACE_SETOPTIONS. Special attention to processes being sandboxed with
seccomp.
[Other kernels]
This fix is already applied on 5.15, 5.4 and 5.14 trees, and on the kernels
in the ppa for cycle 2022.05.09. The reproducer was tested against those
kernels in the ppas and 5.13 and 4.15 with the fix applied.
Jann Horn (1):
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
kernel/ptrace.c | 47 ++++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 15 deletions(-)
--
2.32.0
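A check for the behaviour described under [Impact], added here as an example (it is not part of the original message, the patch, or the Project Zero reproducer): it seizes an idle, unsandboxed child once with no options and once with PTRACE_O_SUSPEND_SECCOMP, and reports whether the kernel refuses the option for an unprivileged caller. The names `seize_child`, `classify` and `OPT_SUSPEND_SECCOMP` are hypothetical, and treating euid 0 as "privileged" is an assumption.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bit value of PTRACE_O_SUSPEND_SECCOMP in linux/ptrace.h. */
#define OPT_SUSPEND_SECCOMP (1UL << 21)

enum verdict { REJECTED, ACCEPTED, INCONCLUSIVE };

/* Fork an idle child and PTRACE_SEIZE it with `opts`.
 * Returns 0 on success, otherwise the errno of the failing call. */
static int seize_child(unsigned long opts) {
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) { for (;;) pause(); }   /* child: wait to be killed */
    int err = 0;
    if (ptrace(PTRACE_SEIZE, pid, (void *)0, (void *)opts) == -1) err = errno;
    kill(pid, SIGKILL);                    /* also ends the trace */
    waitpid(pid, NULL, 0);
    return err;
}

/* Decision logic, kept separate from the syscalls.
 * privileged: caller may legitimately set the option (assumed: euid 0).
 * base_err:   result of seizing with no options (is ptrace usable at all?).
 * opt_err:    result of seizing with OPT_SUSPEND_SECCOMP. */
enum verdict classify(int privileged, int base_err, int opt_err) {
    if (privileged || base_err != 0) return INCONCLUSIVE;
    if (opt_err == 0) return ACCEPTED;     /* unprivileged seize took the option */
    if (opt_err == EPERM) return REJECTED; /* permission check applied on seize */
    return INCONCLUSIVE;                   /* e.g. EINVAL: option unsupported */
}

int main(void) {
    static const char *msg[] = { "rejected (check present)",
                                 "ACCEPTED (check missing)", "inconclusive" };
    int base = seize_child(0);
    int opt = seize_child(OPT_SUSPEND_SECCOMP);
    enum verdict v = classify(geteuid() == 0, base, opt);
    printf("baseline errno=%d, option errno=%d: %s\n", base, opt, msg[v]);
    return v == ACCEPTED;
}
```

Run it as an ordinary user; a baseline failure usually means ptrace itself is restricted on the host, so the option result says nothing about the fix.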