| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running syz-manager with -mode run-tests --tests landlock_ptrace -debug
we get this result:
executing program
### start
### call=0 errno=0
### call=1 errno=0
### call=2 errno=0
### call=3 errno=0
### call=4 errno=3
### call=5 errno=0
### call=6 errno=0
### call=7 errno=0
### call=8 errno=1
### call=9 errno=0
### call=10 errno=0
### call=11 errno=3
### call=12 errno=0
### call=13 errno=0
### call=14 errno=1
### call=15 errno=3
### call=16 errno=1
### call=17 errno=0
### call=18 errno=3
executing program
### start
### call=0 errno=0
### call=1 errno=0
### call=2 errno=0
### call=3 errno=0
### call=4 errno=0
### call=5 errno=0
### call=6 errno=0
### call=7 errno=0
### call=8 errno=1
### call=9 errno=3
### call=10 errno=0
### call=11 errno=3
### call=12 errno=0
### call=13 errno=0
### call=14 errno=1
### call=15 errno=3
### call=16 errno=1
### call=17 errno=0
### call=18 errno=3
executing program
### start
### call=0 errno=0
### call=1 errno=0
### call=2 errno=0
### call=3 errno=0
### call=4 errno=3
### call=5 errno=0
### call=6 errno=0
### call=7 errno=0
### call=8 errno=1
### call=9 errno=0
### call=10 errno=0
### call=11 errno=3
### call=12 errno=0
### call=13 errno=0
### call=14 errno=1
### call=15 errno=3
### call=16 errno=1
### call=17 errno=0
### call=18 errno=3
Because this test spawns two threads, the ptrace(2) returned code may be
different according to the calling thread.
Set the common EPERM errnos for all three threads (EINTR is unknown to
syzkaller). The other returned codes cannot be fixed because we cannot
have a set of valid errno for the same call.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add new the landlock_ruleset_attr's "scoped" field and related flags for
Linux 6.12: LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET and
LANDLOCK_SCOPE_SIGNAL.
Update tests with the new landlock_ruleset_attr's field.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add the new lanlock_net_port_attr struct and related
LANDLOCK_ACCESS_NET_{BIND,CONNECT}_TCP flags for TCP access control.
Add landlock_ruleset_attr's handled_access_net field and fix
handled_access_fs name.
Update tests with the new landlock_ruleset_attr's handled_access_net
field.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As was pointed out in #2921, the current approach of limiting the number
of pids per process does not work on all Linux-based kernels.
We could just treat fork, clone and clone3 in a special way (e.g. exit
on a zero return). However, in that case we also need to sanitize the
arguments for clone and clone3 - if CLONE_VM is passed and stack is 0,
the forked child processes (threads) will become nearly unindentifiable
and will corrupt syz-executor's memory. While we could sanitize clone's
arguments, we cannot do so for clone3 - nothing can guarantee that they
will not be changed concurrently.
Instead of calling those syscalls directly, introduce a special pseudo
syscall syz_clone3. It copies and sanitizes the arguments and then
executes clone3 (or fork, if we're on an older kernel) in such a way so
as to prevent fork bombs from happening.
Also introduce syz_clone() to still be able to fuzz it on older systems.
|
|
|
This test helps cover security/landlock/ptrace.c
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
|
