On Thu, 2012-06-07 at 22:57 +0200, Stefan Fritsch wrote:
> On Saturday 02 June 2012, Ben Hutchings wrote:
> > On Sat, 2012-06-02 at 16:23 +0200, Stefan Fritsch wrote:
> > > Package: linux-2.6
> > > Severity: wishlist
> > >
> > > The seccomp filter code hit Linus' tree a while back and
> > > will be in 3.5. It's a very useful security feature that would
> > > be very nice to have in wheezy.
> > >
> > > Is it possible to backport it or do you consider it to be too
> > > intrusive?
> >
> > I'm aware of this but haven't yet looked at how easy it would be to
> > backport. We would at least need no_new_privs as well.
>
> FWIW, I have done a backport of (hopefully) all the relevant commits. I
> have picked the debian/3.2.17 tag from
> git://anonscm.debian.org/kernel/linux-2.6.git as target because I was
> too lazy to get the current debian source from svn. Hopefully the
> differences are not too big. The result is at
> http://people.debian.org/~sf/seccomp-filter-backport/ . It compiles
> and the included seccomp-filter sample programs work.
>
> Of course, all the patches need review. And it's quite possible that I
> have overlooked some important pieces, too.
>
> Noteworthy conflicts:
>
> 3.5 seems to have some seccomp audit infrastructure that is not in
> 3.2. I have left this out and left the basic logging in, instead. The
> latter was removed from 3.5 in
> 3dc1c1b2d2ed7507ce8a379814ad75745ff97ebe.

It wasn't completely removed. I think the audit changes should be included.

> fb0fadf9b213f55ca9368f3edafe51101d5d2deb defines PTRACE_EVENT_SECCOMP
> to 7, which is used by PTRACE_EVENT_STOP in 3.2. I have used 8
> instead. This is the same as Ubuntu did.

But this looks wrong. As I understand it, PTRACE_EVENT_STOP has never been exposed to userland, so it was OK to renumber it from 7 to 128 (though really it ought to have been moved to the #ifdef __KERNEL__ section). But according to the documentation, PTRACE_EVENT_SECCOMP *is* exposed to userland. In that case, we *must not* have differing definitions in different kernel versions.

> Does this look reasonable to include in wheezy even this close to the
> freeze?

We missed the wheezy freeze, but may still be able to get a freeze exception for this.

Ben.

-- 
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.
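As an added illustration of the feature the thread is about (example code, not from the backport or from either correspondent): a minimal user of a seccomp BPF filter that sets no_new_privs first, which is the prerequisite Ben mentions, and then makes vhangup(2) fail with EACCES while allowing everything else. The filter layout and the choice of syscall are the example's own; it assumes a kernel with CONFIG_SECCOMP_FILTER on x86_64 or aarch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* The filter hard-codes syscall numbers, so it must refuse other ABIs. */
#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a filter that fails vhangup(2) with EACCES and allows every other
 * syscall. Returns 0 on success, -errno if the kernel refused it. */
int install_vhangup_filter(void)
{
    struct sock_filter filter[] = {
        /* Kill the task if the syscall ABI is not the one we compiled for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* Match the syscall number; SECCOMP_RET_ERRNO carries errno in its low 16 bits. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_vhangup, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof(filter) / sizeof(filter[0]), .filter = filter };

    /* no_new_privs is the prerequisite the thread mentions: an unprivileged task
     * may not install a filter that could alter a later setuid execve(). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

/* Returns the errno vhangup(2) now produces, or 0 if it succeeded. */
int vhangup_errno(void)
{
    return syscall(SYS_vhangup) == 0 ? 0 : errno;
}
```

Once the filter is in place it cannot be removed, and it is inherited across fork() and execve(); a SECCOMP_RET_TRACE action would instead stop the task for a ptrace tracer, which is where the PTRACE_EVENT_SECCOMP numbering discussed above becomes an ABI matter.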