Sargun Dhillon <[email protected]> writes:

> This adds a seccomp notifier ioctl which allows for the listener to "add"
> file descriptors to a process which originated a seccomp user
> notification. This allows calls like mount, and mknod to be "implemented",
> as the return value, and the arguments are data in memory. On the other
> hand, calls like connect can be "implemented" using pidfd_getfd.
>
> Unfortunately, there are calls which return file descriptors, like
> open, which are vulnerable to TOC-TOU attacks, and require that the
> more privileged supervisor can inspect the argument, and perform the
> syscall on behalf of the process generating the notification. This
> allows the file descriptor generated from that open call to be
> returned to the calling process.
>
> In addition, there is functionality to allow for replacement of
> specific file descriptors, following dup2-like semantics.
>
> Signed-off-by: Sargun Dhillon <[email protected]>
> Suggested-by: Matt Denton <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Jann Horn <[email protected]>
> Cc: Robert Sesek <[email protected]>
> Cc: Chris Palmer <[email protected]>
> Cc: Christian Brauner <[email protected]>
> Cc: Tycho Andersen <[email protected]>
> ---
Thanks, this is a really useful feature.

Tested-by: Giuseppe Scrivano <[email protected]>

