@Digital_Cold
Disabling SECCOMP with a kernel R/W is quite fun! You need to clear the TIF_SECCOMP flag first in thread_info, then the task->seccomp.filter, and finally task->seccomp.mode. Any other combination leads to kernel panics.
Kees Cook
@kees_cook
9. lis
The last two I can understand: there is intentional "fail closed" logic in seccomp in those cases. Losing TIF_SECCOMP, though, I'd expect would instantly bypass seccomp. What actually goes wrong if only that is changed?
(Also, I assume you unset NNP too?)
Grant Hernandez
@Digital_Cold
9. lis
If TIF_SECCOMP is set, it reaches the secure_computing() function which hits this github.com/torvalds/linux…
So the mode needs to be non-zero if that flag is set. It doesn't look like NNP was set!