On Wed, Apr 10, 2013 at 12:00 PM, Thiago Marcos P. Santos <tmpsan...@gmail.com> wrote:
> On Wed, Apr 10, 2013 at 12:36 AM, Thiago Marcos P. Santos
> <tmpsan...@gmail.com> wrote:
>>
>> On Apr 10, 2013 12:29 AM, "Paul Moore" <pmo...@redhat.com> wrote:
>>>
>>> On Tuesday, April 09, 2013 09:06:19 PM Thiago Marcos P. Santos wrote:
>>> > On Apr 9, 2013 5:55 PM, "Thiago Marcos P. Santos" wrote:
>>> > > Hi,
>>> > >
>>> > > On x86 we have rt_sigprocmask and sigprocmask and on x86_64 only
>>> > > rt_sigprocmask. In any case, the libc shipped by Ubuntu 12.10 on both
>>> > > architectures maps sigprocmask(2) to rt_sigprocmask, something that I
>>> > > could confirm using strace(1). That said, consider the rule below:
>>> > >
>>> > >     ctx = seccomp_init(SCMP_ACT_ALLOW);
>>> > >
>>> > >     seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(rt_sigprocmask), 2,
>>> > >                      SCMP_A0(SCMP_CMP_EQ, SIG_BLOCK),
>>> > >                      SCMP_A1(SCMP_CMP_NE, 0));
>>> > >
>>> > > The following rule works as expected on both archs:
>>> > >
>>> > >     sigprocmask(SIG_BLOCK, 0, &set); // Executed just fine.
>>> > >
>>> > > This rule matches on x86 but not on x86_64:
>>> > >
>>> > >     sigprocmask(SIG_BLOCK, &set, 0); // Process killed on x86, but not on x86_64!
>>> > >
>>> > > I first thought that libc could be playing with the parameters or these
>>> > > syscalls could have different signatures on x86 and x86_64, but looks like
>>> > > that is not the case. Any suggestion? Am I missing something?
>>> > >
>>> > > My test case is attached.
>>> > >
>>> > > Cheers,
>>> >
>>> > I meant 2 arguments. In fact, with just one, works as expected on both
>>> > archs.
>>>
>>> What version of libseccomp are you using?
>>
>> I tried with 2.0 and the HEAD of the master branch as of today.
>
> The pseudo filter for x86 looks fine.
>
> # filter for arch x86 (1073741827)
> if ($arch == 1073741827)
>   # filter for syscall #175 (priority: 65533)
>   if ($syscall == 175)
>     if ($a0 == 0)
>       if ($a1 == 0)
>       else
>         action KILL;
>   # default action
>   action ALLOW;
>
>
> But for x86_64, what if the upper part of the second argument
> (a1.hi32) is not zero? I'm afraid it won't match SCMP_A1(SCMP_CMP_NE,
> 0) even though it should.
>
> # filter for arch x86_64 (3221225534)
> if ($arch == 3221225534)
>   # filter for syscall #14 (priority: 65531)
>   if ($syscall == 14)
>     if ($a0.hi32 == 0)
>       if ($a0.lo32 == 0)
>         if ($a1.hi32 == 0)
>           if ($a1.lo32 == 0)
>           else
>             action KILL;
>   # default action
>   action ALLOW;

My theory looks correct. On my test.c example, changing "sigset_t set;" to "static sigset_t set;" (i.e., taking it from the stack to a lower address at bss) makes it work as expected.

_______________________________________________
libseccomp-discuss mailing list
libseccomp-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
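
Added example (not part of the original thread and not libseccomp code): a C model of the x86_64 pseudo filter quoted above next to the intended 64-bit `SCMP_CMP_NE` check, showing that the two disagree when the upper 32 bits of `a1` are non-zero (a stack address) and agree for a low address. The function names and the sample addresses are constructed for illustration, and `SIG_BLOCK` is taken as 0, as in the quoted filter.

```c
#include <stdint.h>
#include <stdio.h>

enum action { ACT_ALLOW, ACT_KILL };

/* Intended meaning of the rule in the thread: KILL when
 * a0 == SIG_BLOCK (0) and the whole 64-bit a1 is non-zero. */
static enum action intended_rule(uint64_t a0, uint64_t a1)
{
    return (a0 == 0 && a1 != 0) ? ACT_KILL : ACT_ALLOW;
}

/* Model of the quoted x86_64 pseudo filter: each argument is tested as
 * two 32-bit halves and KILL is the else-branch of the a1.lo32 test only. */
static enum action pfc_x86_64(uint64_t a0, uint64_t a1)
{
    uint32_t a0_hi = (uint32_t)(a0 >> 32), a0_lo = (uint32_t)a0;
    uint32_t a1_hi = (uint32_t)(a1 >> 32), a1_lo = (uint32_t)a1;

    if (a0_hi == 0 && a0_lo == 0) {
        if (a1_hi == 0) {
            if (a1_lo != 0)
                return ACT_KILL;
        }
        /* a1_hi != 0 has no branch of its own and falls out here */
    }
    return ACT_ALLOW; /* default action */
}

static const char *action_name(enum action a)
{
    return a == ACT_KILL ? "KILL" : "ALLOW";
}

int main(void)
{
    /* Constructed sample values for a1 (the "set" pointer). */
    const uint64_t samples[] = {
        0x0000000000000000ULL, /* NULL */
        0x0000000000601040ULL, /* low address, e.g. static data (hi32 == 0) */
        0x00007ffd12345678ULL, /* stack-like address (hi32 != 0) */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("a1=0x%016llx intended=%s filter=%s\n",
               (unsigned long long)samples[i],
               action_name(intended_rule(0, samples[i])),
               action_name(pfc_x86_64(0, samples[i])));
    return 0;
}
```

Only the third sample differs between the two columns, which matches the observation that moving `set` from the stack to bss makes the rule match.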