142983 – [Seccomp] Set appropriate filters when trapping syscalls by default

Bug 142983 - [Seccomp] Set appropriate filters when trapping syscalls by default

Summary: [Seccomp] Set appropriate filters when trapping syscalls by default

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Michael Catanzaro

URL:
Keywords:

Depends on:
Blocks:	140072
	Show dependency tree / graph

Reported:	2015-03-23 14:30 PDT by Michael Catanzaro
Modified:	2015-07-27 22:27 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
[Linux] Seccomp Filters: Set appropriate filters when trapping by default (6.10 KB, patch) 2015-03-23 14:34 PDT, Michael Catanzaro	zan: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Catanzaro 2015-03-23 14:30:41 PDT

If we trap syscalls by default, we must not manually set any filters to trap anything, since it will fail causing us to crash.
 
But also, there are some things we must allow unconditionally even when trapping by default, for the broker to work. sigreturn, obviously, and brk.

Comment 1 Michael Catanzaro 2015-03-23 14:34:19 PDT

Created attachment 249275 [details]
[Linux] Seccomp Filters: Set appropriate filters when trapping by default

Comment 2 Michael Catanzaro 2015-07-22 09:04:42 PDT

I think it would be nicer to use RELEASE_ASSERT_NOT_REACHED() rather than CRASH() here (note they are synonyms), but the existing code uses CRASH() so I picked that for consistency.

Comment 3 Zan Dobersek 2015-07-27 10:26:19 PDT

Comment on attachment 249275 [details]
[Linux] Seccomp Filters: Set appropriate filters when trapping by default

View in context: https://bugs.webkit.org/attachment.cgi?id=249275&action=review

> Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp:105
> +    Action result = static_cast<Action>(value);

Is converting to Action here required?

Comment 4 Michael Catanzaro 2015-07-27 15:14:25 PDT

(In reply to comment #3)
> > Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp:105
> > +    Action result = static_cast<Action>(value);
> 
> Is converting to Action here required?

Thanks. Yes:

../../Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp:105:12: error: cannot initialize a variable of type 'WebKit::SeccompFilters::Action' with an lvalue of type 'uint32_t' (aka 'unsigned int')
    Action result = value;
           ^        ~~~~~

Comment 5 Michael Catanzaro 2015-07-27 15:20:22 PDT

Committed r187455: <http://trac.webkit.org/changeset/187455>

Comment 6 Zan Dobersek 2015-07-27 22:27:10 PDT

(In reply to comment #4)
> (In reply to comment #3)
> > > Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp:105
> > > +    Action result = static_cast<Action>(value);
> > 
> > Is converting to Action here required?
> 
> Thanks. Yes:
> 
> ../../Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp:105:12:
> error: cannot initialize a variable of type 'WebKit::SeccompFilters::Action'
> with an lvalue of type 'uint32_t' (aka 'unsigned int')
>     Action result = value;
>            ^        ~~~~~

What I meant was using the uint32_t variable directly in the switch conditional. At the second passing, I now see you have to return an Action value, so you'd have to cast it to the Action type in the return statement at the latest.