Re: [3.1 REGRESSION] Commit 5cec93c216db77c45f7ce970d46283bcb1933884 breaks the Chromium seccomp sandbox

From: Andrew Lutomirski
Date: Sun Nov 13 2011 - 23:00:34 EST


On Sun, Nov 13, 2011 at 6:36 PM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>
> The attached patch (in vsyscall=native mode) should help diagnose
> exactly what's wrong.  But I wouldn't be surprised if you can trigger
> the exact same failure on older kernels by doing

Now with actual attachment.

--Andy
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 57d4b13..29deaf8 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -54,6 +54,7 @@ void __secure_computing(int this_syscall)
#ifdef SECCOMP_DEBUG
dump_stack();
#endif
+ printk(KERN_ERR "Killing %d due to bad seccomp syscall %d\n", (int)current->pid, (int)this_syscall);
do_exit(SIGKILL);
}
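
Review bot: the added printk sits after the #endif, so it runs on every seccomp kill whether or not SECCOMP_DEBUG is defined, and it is not rate limited. Since this path is reached whenever a task in seccomp mode makes a disallowed syscall, repeated kills can fill the kernel log at KERN_ERR. As a diagnostic aid that is fine, but for anything longer lived, either move the line inside the #ifdef SECCOMP_DEBUG block next to dump_stack() or switch to printk_ratelimited(). The line also runs well past 80 columns and should be wrapped after the format string. Printing current->comm alongside the pid would make the message easier to match to a process once the task has exited.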