packages/flatpak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add backport-run-Handle-unknown-syscalls-as-intended.patch.

Browse Source
This commit is contained in:
陈亚强 2021-10-22 07:33:38 +00:00 committed by Gitee
parent c53aa44737
commit 40d80034a2
1 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
backport-run-Handle-unknown-syscalls-as-intended.patch Normal file
View File

@ -0,0 +1,72 @@
From d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Oct 2021 17:05:07 +0100
Subject: [PATCH] run: Handle unknown syscalls as intended
The error-handling here was
if (r < 0 && r == -EFAULT)
but Alex says it was almost certainly intended to be
if (r < 0 && r != -EFAULT)
so that syscalls not known to libseccomp are not a fatal error.
Instead of literally making that change, emit a debug message on -EFAULT
so we can see what is going on.
This temporarily weakens our defence against CVE-2021-41133
(GHSA-67h7-w3jq-vh4q) in order to avoid regressions: if the installed
version of libseccomp does not know about the recently-added syscalls,
but the kernel does, then we will not prevent non-native executables
from using those syscalls.
Resolves: https://github.com/flatpak/flatpak/issues/4458
Signed-off-by: Simon McVittie <smcv@collabora.com>
Conflict:NA
Reference:https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
---
common/flatpak-run.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index da96465..a416f1b 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2960,7 +2960,16 @@ setup_seccomp (FlatpakBwrap *bwrap,
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_blocklist[i].arg);
else
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
- if (r < 0 && r == -EFAULT /* unknown syscall */)
+
+ /* EFAULT means "internal libseccomp error", but in practice we get
+ * this for syscall numbers added via flatpak-syscalls-private.h
+ * when trying to filter them on a non-native architecture, because
+ * libseccomp cannot map the syscall number to a name and back to a
+ * number for the non-native architecture. */
+ if (r == -EFAULT)
+ flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+ scall);
+ else if (r < 0)
return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
}
@@ -2978,7 +2987,11 @@ setup_seccomp (FlatpakBwrap *bwrap,
else
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
- if (r < 0 && r == -EFAULT /* unknown syscall */)
+ /* See above for the meaning of EFAULT. */
+ if (errno == EFAULT)
+ flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+ scall);
+ else if (r < 0)
return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
}
}
--
2.27.0