** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Impish)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1972740
Title:
Unprivileged users may use PTRACE_SEIZE to set
PTRACE_O_SUSPEND_SECCOMP option
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Triaged
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Impish:
Fix Committed
Status in linux source package in Jammy:
Fix Committed
Bug description:
[Impact]
PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process.
However, setting this option requires privilege when used with
PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is
required. This allows sandboxed processes to exit the sandbox if they are
allowed to use ptrace.
[Test case]
Run the reproducer from
https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.
[Potential regression]
This may break ptrace users, specially ones using PTRACE_SEIZE or
PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
