74 lines
2.8 KiB
Diff
74 lines
2.8 KiB
Diff
From d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 Mon Sep 17 00:00:00 2001
|
|
From: Simon McVittie <smcv@collabora.com>
|
|
Date: Fri, 8 Oct 2021 17:05:07 +0100
|
|
Subject: [PATCH] run: Handle unknown syscalls as intended
|
|
|
|
The error-handling here was
|
|
|
|
if (r < 0 && r == -EFAULT)
|
|
|
|
but Alex says it was almost certainly intended to be
|
|
|
|
if (r < 0 && r != -EFAULT)
|
|
|
|
so that syscalls not known to libseccomp are not a fatal error.
|
|
|
|
Instead of literally making that change, emit a debug message on -EFAULT
|
|
so we can see what is going on.
|
|
|
|
This temporarily weakens our defence against CVE-2021-41133
|
|
(GHSA-67h7-w3jq-vh4q) in order to avoid regressions: if the installed
|
|
version of libseccomp does not know about the recently-added syscalls,
|
|
but the kernel does, then we will not prevent non-native executables
|
|
from using those syscalls.
|
|
|
|
Resolves: https://github.com/flatpak/flatpak/issues/4458
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
|
|
|
|
|
|
---
|
|
common/flatpak-run.c | 17 +++++++++++++++--
|
|
1 file changed, 15 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
|
|
index da96465..a416f1b 100644
|
|
--- a/common/flatpak-run.c
|
|
+++ b/common/flatpak-run.c
|
|
@@ -2960,7 +2960,16 @@ setup_seccomp (FlatpakBwrap *bwrap,
|
|
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_blocklist[i].arg);
|
|
else
|
|
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
|
|
- if (r < 0 && r == -EFAULT /* unknown syscall */)
|
|
+
|
|
+ /* EFAULT means "internal libseccomp error", but in practice we get
|
|
+ * this for syscall numbers added via flatpak-syscalls-private.h
|
|
+ * when trying to filter them on a non-native architecture, because
|
|
+ * libseccomp cannot map the syscall number to a name and back to a
|
|
+ * number for the non-native architecture. */
|
|
+ if (r == -EFAULT)
|
|
+ flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
|
|
+ scall);
|
|
+ else if (r < 0)
|
|
return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
|
|
}
|
|
|
|
@@ -2978,7 +2987,11 @@ setup_seccomp (FlatpakBwrap *bwrap,
|
|
else
|
|
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
|
|
|
|
- if (r < 0 && r == -EFAULT /* unknown syscall */)
|
|
+ /* See above for the meaning of EFAULT. */
|
|
+ if (errno == EFAULT)
|
|
+ flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
|
|
+ scall);
|
|
+ else if (r < 0)
|
|
return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
|
|
}
|
|
}
|
|
--
|
|
2.27.0
|
|
|