Hi,
Is there a better way than this to find the native architecture value
needed for seccomp filters? Right now everyone basically hard-codes it
with other compile-time checks...
static unsigned int get_syscall_arch(void)
{
struct ptrace_syscall_info info = { };
siginfo_t siginfo = { };
unsigned int arch = -1;
pid_t pid = fork();
if (pid < 0)
return -1;
if (pid == 0) {
if (ptrace(PTRACE_TRACEME, 0, 0, 0) != 0) {
perror("PTRACE_TRACEME");
_exit(1);
}
if (raise(SIGSTOP) != 0) {
perror("raise");
_exit(1);
}
_exit(0);
}
if (ptrace(PTRACE_ATTACH, pid, 0, 0) != 0)
goto reap;
if (waitid(P_PID, pid, &siginfo, WEXITED | WSTOPPED | WCONTINUED) != 0)
goto reap;
if (siginfo.si_code != CLD_STOPPED &&
siginfo.si_code != CLD_TRAPPED)
goto reap;
if (ptrace(PTRACE_GET_SYSCALL_INFO, pid, sizeof(info), &info)
< offsetof(typeof(info), arch) + sizeof(info.arch))
goto reap;
arch = info.arch;
ptrace(PTRACE_DETACH, pid, 0, 0);
reap:
kill(pid, SIGKILL);
if (waitpid(pid, NULL, 0) != pid)
perror("waitpid");
return arch;
}
--
Kees Cook
