Allow trinity to use the recently added seccomp bpf generator
that was introduced in 3d0d78 ("bpf: add randomized seccomp
filter generated by markov chain"). The last two arguments for
that call can be left random; the kernel does not seem to
care about them.

Signed-off-by: Daniel Borkmann <[email protected]>
---
 include/sanitise.h |  2 +-
 syscalls/prctl.c   | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/include/sanitise.h b/include/sanitise.h
index 59313fb..101094f 100644
--- a/include/sanitise.h
+++ b/include/sanitise.h
@@ -6,7 +6,7 @@
 void sanitise_mmap(int childno);
 void sanitise_rt_sigaction(int childno);
 void sanitise_socket(int childno);
-
+void sanitise_prctl(int childno);
 void sanitise_ioctl_sg_io(int childno);
 
 void generic_sanitise(int childno);
diff --git a/syscalls/prctl.c b/syscalls/prctl.c
index 5ed8b86..93d1fb3 100644
--- a/syscalls/prctl.c
+++ b/syscalls/prctl.c
@@ -2,7 +2,49 @@
  * SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, 
arg3,
         unsigned long, arg4, unsigned long, arg5)
  */
+#include <stdlib.h>
+#include <linux/prctl.h>
+#include <linux/seccomp.h>
+#include <sys/prctl.h>
+
 #include "sanitise.h"
+#include "net.h"
+#include "maps.h"
+#include "shm.h"
+
+#define NR_PRCTL_OPTS 28
+static int prctl_opts[NR_PRCTL_OPTS] = {
+       PR_CAPBSET_READ, PR_CAPBSET_DROP, PR_SET_DUMPABLE, PR_GET_DUMPABLE,
+       PR_SET_ENDIAN, PR_GET_ENDIAN, PR_SET_FPEMU, PR_GET_FPEMU, PR_SET_FPEXC,
+       PR_GET_FPEXC, PR_SET_KEEPCAPS, PR_GET_KEEPCAPS, PR_SET_NAME,
+       PR_GET_NAME, PR_SET_PDEATHSIG, PR_GET_PDEATHSIG, PR_SET_SECCOMP,
+       PR_GET_SECCOMP, PR_SET_SECUREBITS, PR_GET_SECUREBITS, PR_SET_TIMING,
+       PR_GET_TIMING, PR_SET_TSC, PR_GET_TSC, PR_SET_UNALIGN, PR_GET_UNALIGN,
+       PR_MCE_KILL, PR_MCE_KILL_GET,
+};
+
+/* We already got a generic_sanitise at this point */
+void sanitise_prctl(int childno)
+{
+       int option = prctl_opts[rand() % NR_PRCTL_OPTS];
+
+       /* Also allow crap by small chance */
+       if (rand() % 100 != 0)
+               shm->a1[childno] = option;
+
+       switch (option) {
+       case PR_SET_SECCOMP:
+               if (rand() % 3 == SECCOMP_MODE_FILTER) {
+                       gen_seccomp_bpf((unsigned long *) page_rand, NULL);
+
+                       shm->a2[childno] = SECCOMP_MODE_FILTER;
+                       shm->a3[childno] = (unsigned long) page_rand;
+               }
+               break;
+       default:
+               break;
+       }
+}
 
 struct syscall syscall_prctl = {
        .name = "prctl",
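Review bot: In the `PR_SET_SECCOMP` case of `sanitise_prctl`, the generated filter will probably be refused before the kernel ever parses it, because attaching a `SECCOMP_MODE_FILTER` program requires the caller to have no_new_privs set or to hold CAP_SYS_ADMIN, and `prctl_opts` lists neither `PR_SET_NO_NEW_PRIVS` nor `PR_GET_NO_NEW_PRIVS`. Unless the children run privileged, the call should fail with EACCES and the BPF checker stays unexercised. I would add both options to the table and a `case PR_SET_NO_NEW_PRIVS:` that sets arg2 to 1 and the remaining arguments to 0, since the kernel rejects any other values; the flag cannot be cleared afterwards, which is acceptable for a short-lived child but worth a comment. Deriving the index as `rand() % (sizeof(prctl_opts) / sizeof(prctl_opts[0]))` would keep the count from drifting once entries are added.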
@@ -13,4 +55,5 @@ struct syscall syscall_prctl = {
        .arg3name = "arg3",
        .arg4name = "arg4",
        .arg5name = "arg5",
+       .sanitise = sanitise_prctl,
 };
-- 
1.7.11.7
