Cook: seccomp filter now in Ubuntu

Posted Mar 28, 2012 19:58 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
In reply to: Cook: seccomp filter now in Ubuntu by dpquigl
Parent article: Cook: seccomp filter now in Ubuntu

>What stops me from dropping my own custom filter in an exploit and installing the new filter that says I have everything? This needs to be something that can only be done once per process invocation.

The _parent_ process can start children with arbitrary filters. Children can't override filters (in fact, they are _forced_ to have the NNP flag set).



Cook: seccomp filter now in Ubuntu

Posted Mar 28, 2012 21:34 UTC (Wed) by dpquigl (subscriber, #52852)

That doesn't address the issue that, if there is an exploit in that parent process, I can have it install a new filter. The process itself is what installs the filter. Also, from your description here, it seems that if you put a filter in bash then no process executed from a shell could use filters. Maybe I'm missing something here. The NNP flag seems completely disjoint from seccomp filtering.

Cook: seccomp filter now in Ubuntu

Posted Mar 28, 2012 23:51 UTC (Wed) by khc (subscriber, #45209)

Or you can just run the exploit code in the parent process. If you have already exploited the parent process, why bother with the child process?

The assumption is the child process is the one that's loading untrusted data, and so is more likely to be exploitable.

Cook: seccomp filter now in Ubuntu

Posted Mar 29, 2012 0:12 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)

khc has already answered about exploiting the parent process.

The NNP flag is a prerequisite for BPF filtering, to avoid repeating the infamous Sendmail bug.
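
Added example, not part of the thread or of Kees Cook's patches: a small C check of the point argued above, that a filter installed later (even one that allows everything) cannot undo an earlier one, and that a forked child inherits the restriction. It assumes seccomp filter mode as it behaves in mainline Linux (3.5 or later) with `SECCOMP_RET_ERRNO`; the function names and the choice of `getppid` as the denied syscall are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* deny_nr >= 0: that syscall fails with EPERM, the rest pass. deny_nr < 0: allow all.
 * Demo only: a production filter must also check seccomp_data.arch. */
static int install_filter(int deny_nr) {
    struct sock_filter deny[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)deny_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_filter allow[] = { BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = 4, .filter = deny };
    if (deny_nr < 0) { prog.len = 1; prog.filter = allow; }
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
static int getppid_denied(void) {
    errno = 0;
    return syscall(SYS_getppid) == -1 && errno == EPERM;
}
/* Runs in a forked child so the caller stays unfiltered. 0 = the deny rule held. */
static int child_checks(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return 10; /* the NNP flag */
    if (install_filter(SYS_getppid)) return 11;            /* sandbox: deny getppid */
    if (install_filter(-1)) return 12;                     /* later "allow everything" */
    if (!getppid_denied()) return 13;                      /* earlier filter still wins */
    pid_t g = fork();                                      /* filters are inherited */
    if (g < 0) return 14;
    if (g == 0) _exit(getppid_denied() ? 0 : 1);
    int st;
    return (waitpid(g, &st, 0) == g && WIFEXITED(st) && !WEXITSTATUS(st)) ? 0 : 15;
}

int seccomp_stacking_demo(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_checks());
    int st;
    return (waitpid(pid, &st, 0) == pid && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}
int main(void) { return seccomp_stacking_demo(); }
```

A return value of 0 means both the filtered process and its forked child still got `EPERM` from `getppid` after the allow-all filter was added; any other value identifies the step that failed.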
