master

分支 (11)

标签 (7)

管理

管理

master

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.03-LTS-Next

openEuler-21.09

openEuler-21.03

openEuler-20.09

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.03-LTS-20200606

openEuler-20.09-20200928

openEuler-20.03-LTS-tag

flatpak
/
backport-run-Handle-unknown-syscalls-...

From d419fa67038370e4f4c3ce8c3b5f672d4876cfc8 Mon Sep 17 00:00:00 2001
From: Simon McVittie <[email protected]>
Date: Fri, 8 Oct 2021 17:05:07 +0100
Subject: [PATCH] run: Handle unknown syscalls as intended

The error-handling here was

    if (r < 0 && r == -EFAULT)

but Alex says it was almost certainly intended to be

    if (r < 0 && r != -EFAULT)

so that syscalls not known to libseccomp are not a fatal error.

Instead of literally making that change, emit a debug message on -EFAULT
so we can see what is going on.

This temporarily weakens our defence against CVE-2021-41133
(GHSA-67h7-w3jq-vh4q) in order to avoid regressions: if the installed
version of libseccomp does not know about the recently-added syscalls,
but the kernel does, then we will not prevent non-native executables
from using those syscalls.

Resolves: https://github.com/flatpak/flatpak/issues/4458
Signed-off-by: Simon McVittie <[email protected]>

Conflict:NA
Reference:https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8


---
 common/flatpak-run.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index da96465..a416f1b 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2960,7 +2960,16 @@ setup_seccomp (FlatpakBwrap   *bwrap,
         r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 1, *syscall_blocklist[i].arg);
       else
         r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
-      if (r < 0 && r == -EFAULT /* unknown syscall */)
+
+      /* EFAULT means "internal libseccomp error", but in practice we get
+       * this for syscall numbers added via flatpak-syscalls-private.h
+       * when trying to filter them on a non-native architecture, because
+       * libseccomp cannot map the syscall number to a name and back to a
+       * number for the non-native architecture. */
+      if (r == -EFAULT)
+        flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+                        scall);
+      else if (r < 0)
         return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
     }

@@ -2978,7 +2987,11 @@ setup_seccomp (FlatpakBwrap   *bwrap,
           else
             r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);

-          if (r < 0 && r == -EFAULT /* unknown syscall */)
+          /* See above for the meaning of EFAULT. */
+          if (errno == EFAULT)
+            flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
+                            scall);
+          else if (r < 0)
             return flatpak_fail_error (error, FLATPAK_ERROR_SETUP_FAILED, _("Failed to block syscall %d"), scall);
         }
     }
--
2.27.0