| field | value | date |
|---|---|---|
| author | Aleksandr Nogikh <nogikh@google.com> | 2023-12-18 11:58:39 +0100 |
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-12-19 00:16:19 +0000 |
| commit | 3ad490ea48468e50fe91f6f6b2ca4cbc74d924bf (patch) | |
| tree | d6960156ac4fcbeb908fbbbba79c8716d8e47172 /sys/linux | |
| parent | 924661f4beda6a647079237cc843df44626fc44b (diff) | |
executor: introduce syz_pidfd_open()
This kernel interface provides access to fds of other processes, which
is readily abused by the fuzzer to mangle parent syz-executor fds.
Pid=1 is the parent syz-executor process when a PID namespace is created.
Sanitize it in the new syz_pidfd_open() pseudo-syscall.
We could not patch the argument in sys/linux/init.go because the first
argument is a resource.
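The sanitization the message describes, as an added illustration rather than syzkaller's own executor code: a hypothetical user-space wrapper that refuses to hand out a pidfd for the parent process (pid 1 inside a fresh PID namespace, and getppid() as a generalization for the case where no PID namespace was created) and otherwise forwards to pidfd_open(2). The function names and the EPERM choice are assumptions.

```c
// Added example, not syzkaller's code: a hypothetical sanitizer in the
// spirit of syz_pidfd_open(). Function names are assumptions.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
/* Fallback for older headers; 434 is pidfd_open on the unified table. */
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434
#endif
#endif

/* Nonzero if `pid` must not be handed to pidfd_open(): pid 1 is the parent
 * syz-executor inside a fresh PID namespace (per the commit message), and
 * getppid() covers the case where no PID namespace was created. */
static int pidfd_target_is_parent(pid_t pid)
{
    return pid == 1 || pid == getppid();
}

/* Sanitized wrapper: refuses the parent process with EPERM, otherwise
 * forwards to pidfd_open(2) (Linux 5.3+). Returns the pidfd or -1. */
static int syz_pidfd_open_sanitized(pid_t pid, unsigned int flags)
{
    if (pidfd_target_is_parent(pid)) {
        errno = EPERM;
        return -1;
    }
#ifdef __linux__
    return (int)syscall(SYS_pidfd_open, pid, flags);
#else
    (void)flags;
    errno = ENOSYS; /* not a Linux system */
    return -1;
#endif
}

int main(void)
{
    int fd = syz_pidfd_open_sanitized(1, 0);
    printf("pidfd_open(1): %d (%s)\n", fd, fd < 0 ? strerror(errno) : "ok");
    fd = syz_pidfd_open_sanitized(getpid(), 0);
    printf("pidfd_open(self): %d\n", fd);
    if (fd >= 0)
        close(fd);
    return 0;
}
```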
Diffstat (limited to 'sys/linux')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | sys/linux/sys.txt | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/linux/sys.txt b/sys/linux/sys.txt index 30266900f..d6a19b787 100644 --- a/sys/linux/sys.txt +++ b/sys/linux/sys.txt @@ -653,7 +653,10 @@ resource fd_pidfd[fd] openat$pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/self"]], flags flags[open_flags], mode const[0]) fd_pidfd openat$thread_pidfd(fd const[AT_FDCWD], file ptr[in, string["/proc/thread-self"]], flags flags[open_flags], mode const[0]) fd_pidfd pidfd_send_signal(fd fd_pidfd, sig signalno, info ptr[in, siginfo], flags const[0]) -pidfd_open(pid pid, flags const[0]) fd_pidfd + +# pidfd_open is dangerous, so we use syz_pidfd_open instead. +pidfd_open(pid pid, flags const[0]) fd_pidfd (disabled) +syz_pidfd_open(pid pid, flags const[0]) fd_pidfd pidfd_getfd(pidfd fd_pidfd, fd fd, flags const[0]) fd close_range(fd fd, max_fd fd, flags flags[close_range_flags]) |
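Review bot: the new comment `# pidfd_open is dangerous, so we use syz_pidfd_open instead.` does not say why, and sys.txt is where the next person will look before git history; since the commit message already has the reasoning (pid 1 is the parent syz-executor inside the sandbox's PID namespace, and the `pidfd_getfd(pidfd fd_pidfd, fd fd, flags const[0]) fd` entry just below turns such a pidfd into the parent's fds), put that reasoning in the comment, e.g. `# pidfd_open(1) yields a pidfd for the parent syz-executor in the sandbox PID namespace, and pidfd_getfd could then mangle its fds; syz_pidfd_open sanitizes the pid.` Note also that the executor side of `syz_pidfd_open(pid pid, flags const[0]) fd_pidfd` is not visible in this view (the diffstat is limited to sys/linux), so the sanitization itself cannot be checked from this hunk alone; the other `fd_pidfd` producers shown here, `openat$pidfd` on `/proc/self` and `openat$thread_pidfd` on `/proc/thread-self`, only refer to the calling process and need no change.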
