diff options
| author | Anton Lindqvist <anton@basename.se> | 2021-02-26 09:08:40 +0100 |
|---|---|---|
| committer | Anton Lindqvist <anton@basename.se> | 2021-12-26 10:20:43 +0100 |
| commit | e4f103c49590d5ff0c7e416ade15a99f54029f8d (patch) | |
| tree | ce963df2ef3ca2a6170c044c2f6695e5e4e42d18 /sys/openbsd | |
| parent | 6caa12e443d9f79aa2df67d44cdc6163eaa1e97f (diff) | |
sys/openbsd: neutralize sysctl kern.maxfiles
Yet another root only knob that can cause the syz-execprog process to
run out of resources[1].
[1] https://syzkaller.appspot.com/bug?id=08745ec898fac9de9164bcc4d03bf62a078f56ab
Diffstat (limited to 'sys/openbsd')
| -rw-r--r-- | sys/openbsd/init.go | 9 | ||||
| -rw-r--r-- | sys/openbsd/init_test.go | 5 |
2 files changed, 14 insertions, 0 deletions
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go index 8eb9a726a..80e8d5527 100644 --- a/sys/openbsd/init.go +++ b/sys/openbsd/init.go @@ -20,6 +20,7 @@ func InitTarget(target *prog.Target) { DIOCKILLSTATES: target.GetConst("DIOCKILLSTATES"), KERN_MAXCLUSTERS: target.GetConst("KERN_MAXCLUSTERS"), KERN_MAXPROC: target.GetConst("KERN_MAXPROC"), + KERN_MAXFILES: target.GetConst("KERN_MAXFILES"), KERN_MAXTHREAD: target.GetConst("KERN_MAXTHREAD"), KERN_WITNESS: target.GetConst("KERN_WITNESS"), S_IFCHR: target.GetConst("S_IFCHR"), @@ -42,6 +43,7 @@ type arch struct { DIOCKILLSTATES uint64 KERN_MAXCLUSTERS uint64 KERN_MAXPROC uint64 + KERN_MAXFILES uint64 KERN_MAXTHREAD uint64 KERN_WITNESS uint64 S_IFCHR uint64 @@ -251,6 +253,13 @@ func (arch *arch) neutralizeSysctlKern(mib []*prog.ConstArg) bool { return true } + // Do not fiddle with root only knob kern.maxfiles, can cause the + // syz-execprog to run out of resources. + if len(mib) >= 2 && + mib[0].Val == arch.CTL_KERN && mib[1].Val == arch.KERN_MAXFILES { + return true + } + // Do not fiddle with root only knob kern.maxthread, can cause the // syz-execprog process to panic. if len(mib) >= 2 && diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go index d97c5e49e..c439de565 100644 --- a/sys/openbsd/init_test.go +++ b/sys/openbsd/init_test.go @@ -94,6 +94,11 @@ func TestNeutralize(t *testing.T) { Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, }, { + // Test for sysctl kern.maxfiles. + In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x7}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, + Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, + }, + { // Test for sysctl kern.maxthread. In: `sysctl$kern(&(0x7f0000000300)={0x1, 0x19}, 0x2, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, Out: `sysctl$kern(&(0x7f0000000300)={0x0}, 0x0, 0x0, 0x0, &(0x7f0000000300)="ff0380c5", 0x4)`, |