From 463e73d46d76042c39050d02cf3b0f875e55eb01 Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Wed, 10 Oct 2018 22:39:32 -0700 Subject: Add seccomp filter configuration to ptrace stubs. This is a defense-in-depth measure. If the sentry is compromised, this prevents system call injection to the stubs. There is some complexity with respect to ptrace and seccomp interactions, so this protection is not really available for kernel versions < 4.8; this is detected dynamically. Note that this also solves the vsyscall emulation issue by adding in appropriate trapping for those system calls. It does mean that a compromised sentry could theoretically inject these into the stub (ignoring the trap and resume, thereby allowing execution), but they are harmless. PiperOrigin-RevId: 216647581 Change-Id: Id06c232cbac1f9489b1803ec97f83097fcba8eb8 --- pkg/sentry/arch/arch_amd64.go | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'pkg/sentry/arch') diff --git a/pkg/sentry/arch/arch_amd64.go b/pkg/sentry/arch/arch_amd64.go index f1e408af9..5ba6c19ea 100644 --- a/pkg/sentry/arch/arch_amd64.go +++ b/pkg/sentry/arch/arch_amd64.go @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +// +build amd64 + package arch import ( @@ -26,6 +28,9 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/usermem" ) +// Host specifies the host architecture. +const Host = AMD64 + // These constants come directly from Linux. const ( // maxAddr64 is the maximum userspace address. It is TASK_SIZE in Linux -- cgit v1.2.3