APPLIED: [SRU Bionic/Impish 0/1] LP: #1972740 Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
Kleber Souza
kleber.sacilotto.de.souza at canonical.com
Tue May 10 09:13:08 UTC 2022
On 10.05.22 02:42, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process.
> However, setting this option requires privilege when used with
> PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is
> required. This allows sandboxed processes to exit the sandbox if they are
> allowed to use ptrace.
>
> [Test case]
> Run the reproducer from https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.
>
> [Potential regression]
> This may break ptrace users, especially ones using PTRACE_SEIZE or
> PTRACE_SETOPTIONS. Special attention to processes being sandboxed with
> seccomp.
>
> [Other kernels]
> This fix is already applied on 5.15, 5.4 and 5.14 trees, and on the kernels
> in the ppa for cycle 2022.05.09. The reproducer was tested against those
> kernels in the ppas and 5.13 and 4.15 with the fix applied.
>
> Jann Horn (1):
> ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
>
> kernel/ptrace.c | 47 ++++++++++++++++++++++++++++++++---------------
> 1 file changed, 32 insertions(+), 15 deletions(-)
>
Applied to bionic/impish:linux.
Thanks,
Kleber
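
A check for the behaviour described under [Impact], added here as an example (not code from this thread or from the kernel patch): it tests whether an unprivileged PTRACE_SEIZE that requests PTRACE_O_SUSPEND_SECCOMP is rejected on the running kernel. The helper names are hypothetical, and treating CAP_SYS_ADMIN as the required privilege is an assumption taken from the upstream ptrace code, not from this message.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

/* Numeric value of PTRACE_O_SUSPEND_SECCOMP (1 << 21) in the kernel UAPI. */
#define OPT_SUSPEND_SECCOMP 0x00200000UL

enum verdict { V_REJECTED, V_ACCEPTED, V_INCONCLUSIVE };

/* Fork an idle child, PTRACE_SEIZE it with opts, then kill and reap it.
 * Returns 0 if the seize was accepted, else the errno it failed with. */
static int try_seize(unsigned long opts) {
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) for (;;) pause();
    int err = ptrace(PTRACE_SEIZE, pid, (void *)0, (void *)opts) ? errno : 0;
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return err;
}

/* Assumption: CAP_SYS_ADMIN is the privilege that permits the option. */
static int has_cap_sys_admin(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0) return 0;
    return (data[0].effective >> CAP_SYS_ADMIN) & 1;
}

/* Pure decision logic. base_err: seize with no options; flag_err: seize
 * requesting OPT_SUSPEND_SECCOMP; privileged: caller has CAP_SYS_ADMIN. */
static enum verdict classify(int base_err, int flag_err, int privileged) {
    if (base_err != 0) return V_INCONCLUSIVE; /* ptrace itself is blocked here */
    if (privileged) return V_INCONCLUSIVE;    /* a privileged caller proves nothing */
    return flag_err == 0 ? V_ACCEPTED : V_REJECTED;
}

int main(void) {
    static const char *txt[] = { "rejected", "ACCEPTED", "inconclusive" };
    int base = try_seize(0);
    int flag = try_seize(OPT_SUSPEND_SECCOMP);
    printf("baseline errno=%d, flagged errno=%d\n", base, flag);
    printf("verdict: %s\n", txt[classify(base, flag, has_cap_sys_admin())]);
    return 0;
}
```

Run it as an ordinary user outside any container seccomp profile; the baseline seize separates a rejection of the option from ptrace being blocked altogether (Yama, an LSM or a seccomp filter), which would otherwise look the same.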