Allow trinity to use the recently added seccomp bpf generator that was introduced in 3d0d78 ("bpf: add randomized seccomp filter generated by markov chain"). The last two arguments for that call can be left as random, the kernel does not seem to care about it.
Signed-off-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
---
 include/sanitise.h | 2 +-
 syscalls/prctl.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/include/sanitise.h b/include/sanitise.h
index 59313fb..101094f 100644
--- a/include/sanitise.h
+++ b/include/sanitise.h
@@ -6,7 +6,7 @@
 void sanitise_mmap(int childno);
 void sanitise_rt_sigaction(int childno);
 void sanitise_socket(int childno);
-
+void sanitise_prctl(int childno);
 void sanitise_ioctl_sg_io(int childno);
 void generic_sanitise(int childno);
diff --git a/syscalls/prctl.c b/syscalls/prctl.c
index 5ed8b86..93d1fb3 100644
--- a/syscalls/prctl.c
+++ b/syscalls/prctl.c
@@ -2,7 +2,49 @@
 * SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, unsigned long, arg4, unsigned long, arg5)
 */
+#include <stdlib.h>
+#include <linux/prctl.h>
+#include <linux/seccomp.h>
+#include <sys/prctl.h>
+
 #include "sanitise.h"
+#include "net.h"
+#include "maps.h"
+#include "shm.h"
+
+#define NR_PRCTL_OPTS 28
+static int prctl_opts[NR_PRCTL_OPTS] = {
+ PR_CAPBSET_READ, PR_CAPBSET_DROP, PR_SET_DUMPABLE, PR_GET_DUMPABLE,
+ PR_SET_ENDIAN, PR_GET_ENDIAN, PR_SET_FPEMU, PR_GET_FPEMU, PR_SET_FPEXC,
+ PR_GET_FPEXC, PR_SET_KEEPCAPS, PR_GET_KEEPCAPS, PR_SET_NAME,
+ PR_GET_NAME, PR_SET_PDEATHSIG, PR_GET_PDEATHSIG, PR_SET_SECCOMP,
+ PR_GET_SECCOMP, PR_SET_SECUREBITS, PR_GET_SECUREBITS, PR_SET_TIMING,
+ PR_GET_TIMING, PR_SET_TSC, PR_GET_TSC, PR_SET_UNALIGN, PR_GET_UNALIGN,
+ PR_MCE_KILL, PR_MCE_KILL_GET,
+};
+
+/* We already got a generic_sanitise at this point */
+void sanitise_prctl(int childno)
+{
+ int option = prctl_opts[rand() % NR_PRCTL_OPTS];
+
+ /* Also allow crap by small chance */
+ if (rand() % 100 != 0)
+ shm->a1[childno] = option;
+
+ switch (option) {
+ case PR_SET_SECCOMP:
+ if (rand() % 3 == SECCOMP_MODE_FILTER) {
+ gen_seccomp_bpf((unsigned long *) page_rand, NULL);
+
+ shm->a2[childno] = SECCOMP_MODE_FILTER;
+ shm->a3[childno] = (unsigned long) page_rand;
+ }
+ break;
+ default:
+ break;
+ }
+}
 struct syscall syscall_prctl = {
 .name = "prctl",
@@ -13,4 +55,5 @@ struct syscall syscall_prctl = {
 .arg3name = "arg3",
 .arg4name = "arg4",
 .arg5name = "arg5",
+ .sanitise = sanitise_prctl,
 };
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe trinity" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
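Review bot: In the PR_SET_SECCOMP case of sanitise_prctl, arg3 is set to `page_rand` itself, yet the `(unsigned long *)` cast on the first argument suggests gen_seccomp_bpf() stores the address of the generated program through that pointer; if so, the kernel is handed a page whose first word is that address rather than the `struct sock_fprog`, and the generated filter is never actually parsed. The generator's definition is not part of this patch, so this needs confirming; under that contract a local would pass the program itself: `unsigned long fprog = 0;`, `gen_seccomp_bpf(&fprog, NULL);`, `shm->a3[childno] = fprog;`. Nothing in the hunk releases whatever the generator allocates either, which would add up across iterations if it uses the heap. When the 1-in-100 branch skips the `shm->a1[childno] = option` store, the switch still rewrites a2/a3 for whatever option generic_sanitise left in a1, which deserves a comment if intended. `rand() % 3 == SECCOMP_MODE_FILTER` also reads like a mode comparison when it is only a one-in-three gate, so a short comment such as `/* 1 in 3: install a generated filter */` would help.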