From 61ed43a86a3721708aeeee72b23bfa1eacd921b2 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Thu, 13 Sep 2018 12:00:58 +0200 Subject: sys/linux: prohibit EXT4_IOC_SHUTDOWN EXT4_IOC_SHUTDOWN EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways. --- sys/linux/init.go | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'sys/linux/init.go') diff --git a/sys/linux/init.go b/sys/linux/init.go index 1400ce182..d4ab7da70 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go @@ -19,6 +19,8 @@ func InitTarget(target *prog.Target) { SYSLOG_ACTION_SIZE_UNREAD: target.ConstMap["SYSLOG_ACTION_SIZE_UNREAD"], FIFREEZE: target.ConstMap["FIFREEZE"], FITHAW: target.ConstMap["FITHAW"], + EXT4_IOC_SHUTDOWN: target.ConstMap["EXT4_IOC_SHUTDOWN"], + EXT4_IOC_MIGRATE: target.ConstMap["EXT4_IOC_MIGRATE"], PTRACE_TRACEME: target.ConstMap["PTRACE_TRACEME"], CLOCK_REALTIME: target.ConstMap["CLOCK_REALTIME"], ARCH_SET_FS: target.ConstMap["ARCH_SET_FS"], @@ -91,6 +93,8 @@ type arch struct { SYSLOG_ACTION_SIZE_UNREAD uint64 FIFREEZE uint64 FITHAW uint64 + EXT4_IOC_SHUTDOWN uint64 + EXT4_IOC_MIGRATE uint64 PTRACE_TRACEME uint64 CLOCK_REALTIME uint64 ARCH_SET_FS uint64 @@ -115,9 +119,15 @@ func (arch *arch) sanitizeCall(c *prog.Call) { // Freeze kills machine. Though, it is an interesting functions, // so we need to test it somehow. // TODO: not required if executor drops privileges. + // Fortunately, the value does not conflict with any other ioctl commands for now. if uint64(uint32(cmd.Val)) == arch.FIFREEZE { cmd.Val = arch.FITHAW } + // EXT4_IOC_SHUTDOWN on root fs effectively brings the machine down in weird ways. + // Fortunately, the value does not conflict with any other ioctl commands for now. + if uint64(uint32(cmd.Val)) == arch.EXT4_IOC_SHUTDOWN { + cmd.Val = arch.EXT4_IOC_MIGRATE + } case "ptrace": req := c.Args[0].(*prog.ConstArg) // PTRACE_TRACEME leads to unkillable processes, see: -- cgit mrf-deployment