oss-sec mailing list archives
Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS
From: cve-assign () mitre org
Date: Tue, 17 Jun 2014 18:18:03 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
According to the manual page, after calling it with 1 as a second argument, any consecutive system calls other than read(), write(), _exit() and sigreturn() should result in the delivery of SIGKILL. However, under MIPS any consecutive system call behaves as if prctl(PR_SET_SECCOMP, 1, ...) was never called.
I see no check for seccomp on the MIPS syscall 'fast path'. The seccomp check appears to be done on the 'slow path' which is used only if tracing or audit is also enabled for the task. If I run the above program under strace, it is killed as expected.
Use CVE-2014-4157. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJToL2jAAoJEKllVAevmvmswgUIAJbfESCClCJ35JPb7mukT3nC VFCIPzdiVqXNB/3OvC3hRUqY2J5TffMwYNnTiUJ3MtRcbbJXHf24lK3IM3H8/b7A 7ZpxBh7cZSeEX+d2+uOZqVW1DDJQ0BmmYHV0tlRI0jry2GAPvGdrBpVAKmxe+fvg 6qnceILeat1/1M4fbIabw683gjwZktF0S11LvSvn0OCSPM/sPK0cKMO5m0NEQzwI 2NZWljHvNpQ851Lpe7ICvDVr1v9PmgnsA+oHvqzZ46gXocrBcwMvlyP1xIFm/Ajk UZoE5jpP/dpXMS4/aTO+ucivLNKNjav741lKRg8MIBK274iKaWcUPv15aDdoYBw= =ycHE -----END PGP SIGNATURE-----
Current thread:
- Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS Yves-Alexis Perez (Jun 16)
- Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS cve-assign (Jun 17)