** Also affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Jammy)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Focal)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Impish)
Status: New => In Progress
** Changed in: linux (Ubuntu Impish)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
** Changed in: linux (Ubuntu Xenial)
Status: New => Triaged
** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: linux (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: linux (Ubuntu Focal)
Importance: Undecided => High
** Changed in: linux (Ubuntu Impish)
Importance: Undecided => High
** Changed in: linux (Ubuntu Jammy)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Importance: Undecided => High
** Changed in: linux (Ubuntu)
Status: New => Fix Committed
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1972740
Title:
Unprivileged users may use PTRACE_SEIZE to set
PTRACE_O_SUSPEND_SECCOMP option
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Triaged
Status in linux source package in Bionic:
In Progress
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Impish:
In Progress
Status in linux source package in Jammy:
Fix Committed
Bug description:
[Impact]
PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process.
However, setting this option requires privilege when used with
PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is
required. This allows sandboxed processes to exit the sandbox if they are
allowed to use ptrace.
[Test case]
Run the reproducer from
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.
[Potential regression]
This may break ptrace users, specially ones using PTRACE_SEIZE or
PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
