Grant Hernandez
Disabling SECCOMP with a kernel R/W is quite fun! You need to clear the TIF_SECCOMP flag first in thread_info, then the task->seccomp.filter, and finally task->seccomp.mode. Any other combination leads to kernel panics
Kees Cook, Oct 9
Replying to @Digital_Cold
The last two I can understand: there is intentional "fail closed" logic in seccomp in those cases. Losing TIF_SECCOMP, though, I'd expect would instantly bypass seccomp. What actually goes wrong if only that is changed? (Also, I assume you unset NNP too?)
Grant Hernandez, Oct 9
Replying to @kees_cook
If TIF_SECCOMP is set, it reaches the secure_computing() function which hits this. So the mode needs to be non-zero if that flag is set. It doesn't look like NNP was set!
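A detection-side counterpart to the thread, added here as an example and not part of any of the tweets: userspace cannot turn seccomp off or clear NNP once set, so a live task whose `Seccomp` or `NoNewPrivs` value in `/proc/<pid>/status` changes away from its sandboxed baseline points at kernel memory tampering. The sample status text, the PID and the function names are constructed for illustration.

```python
import re

# /proc/<pid>/status fields that are one-way from userspace:
#   Seccomp:    0 = disabled, 1 = strict, 2 = filter (cannot change once non-zero)
#   NoNewPrivs: 0 or 1 (cannot be cleared once set)
ONE_WAY_FIELDS = ("Seccomp", "NoNewPrivs")

def parse_status(text):
    """Extract the one-way fields from the text of a /proc/<pid>/status file."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s+(\d+)\s*$", line)
        if m and m.group(1) in ONE_WAY_FIELDS:
            found[m.group(1)] = int(m.group(2))
    return found

def regressions(baseline, current):
    """Return (field, old, new) for each field that left its locked-in value.

    Assumption: the caller has already matched both snapshots to the same
    task (for example by PID plus start time) so PID reuse is ruled out.
    """
    out = []
    for field, old in baseline.items():
        new = current.get(field)
        if old != 0 and new != old:
            out.append((field, old, new))
    return out

# Constructed snapshots of one sandboxed worker, taken at launch and later.
AT_LAUNCH = "Name:\tworker\nPid:\t4242\nNoNewPrivs:\t1\nSeccomp:\t2\n"
LATER     = "Name:\tworker\nPid:\t4242\nNoNewPrivs:\t1\nSeccomp:\t0\n"

if __name__ == "__main__":
    for field, old, new in regressions(parse_status(AT_LAUNCH), parse_status(LATER)):
        print(f"ALERT pid 4242: {field} went from {old} to {new}")
```

A task that never enabled seccomp or NNP has a baseline of 0 for that field and is not flagged when it later turns the feature on.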