summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/platform/ptrace/ptrace_unsafe.go
diff options
context:
space:
mode:
authorAdin Scannell <ascannell@google.com>2018-10-10 22:39:32 -0700
committerShentubot <shentubot@google.com>2018-10-10 22:40:28 -0700
commit463e73d46d76042c39050d02cf3b0f875e55eb01 (patch)
treedbaac54c225820d0850925a8cde4d80861fce686 /pkg/sentry/platform/ptrace/ptrace_unsafe.go
parente21ba16d9cf7ba4f2d5f65651e06ab592032ef86 (diff)
Add seccomp filter configuration to ptrace stubs.
This is a defense-in-depth measure. If the sentry is compromised, this prevents system call injection to the stubs. There is some complexity with respect to ptrace and seccomp interactions, so this protection is not really available for kernel versions < 4.8; this is detected dynamically. Note that this also solves the vsyscall emulation issue by adding in appropriate trapping for those system calls. It does mean that a compromised sentry could theoretically inject these into the stub (ignoring the trap and resume, thereby allowing execution), but they are harmless. PiperOrigin-RevId: 216647581 Change-Id: Id06c232cbac1f9489b1803ec97f83097fcba8eb8
Diffstat (limited to 'pkg/sentry/platform/ptrace/ptrace_unsafe.go')
-rw-r--r--pkg/sentry/platform/ptrace/ptrace_unsafe.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/platform/ptrace/ptrace_unsafe.go b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
index b55b2795a..46a8bda8e 100644
--- a/pkg/sentry/platform/ptrace/ptrace_unsafe.go
+++ b/pkg/sentry/platform/ptrace/ptrace_unsafe.go
@@ -136,7 +136,7 @@ func (t *thread) clone(initRegs *syscall.PtraceRegs) (*thread, error) {
return nil, syscall.EINVAL
}
rval, err := t.syscallIgnoreInterrupt(
- initRegs,
+ &t.initRegs,
syscall.SYS_CLONE,
arch.SyscallArgument{Value: uintptr(
syscall.CLONE_FILES |