aboutsummaryrefslogtreecommitdiff
path: root/samples/seccomp/user-trap.c
AgeCommit message (Collapse)AuthorFilesLines
2024-02-12samples: user-trap: fix strict-aliasing warningGravatar Arnd Bergmann 1-2/+6
I started getting warnings for this one file, though I can't see what changed since it was originally introduced in commit fec7b6690541 ("samples: add an example of seccomp user trap"). samples/seccomp/user-trap.c: In function 'send_fd': samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 50 | *((int *)CMSG_DATA(cmsg)) = fd; | ~^~~~~~~~~~~~~~~~~~~~~~~ samples/seccomp/user-trap.c: In function 'recv_fd': samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] 83 | return *((int *)CMSG_DATA(cmsg)); | ~^~~~~~~~~~~~~~~~~~~~~~~ Using a temporary pointer variable avoids the warning. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20240212111737.917428-1-arnd@kernel.org Acked-by: Tycho Andersen <tandersen@netflix.com> Signed-off-by: Kees Cook <keescook@chromium.org>
2020-01-02samples/seccomp: Zero out members based on seccomp_notif_sizesGravatar Sargun Dhillon 1-2/+2
The sizes by which seccomp_notif and seccomp_notif_resp are allocated are based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful extension of these datastructures. If userspace zeroes out the datastructure based on its version, and it is lagging behind the kernel's version, it will end up sending trailing garbage. On the other hand, if it is ahead of the kernel version, it will write extra zero space, and potentially cause corruption. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Suggested-by: Tycho Andersen <tycho@tycho.ws> Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me Fixes: fec7b6690541 ("samples: add an example of seccomp user trap") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>
2018-12-11samples: add an example of seccomp user trapGravatar Tycho Andersen 1-0/+375
The idea here is just to give a demonstration of how one could safely use the SECCOMP_RET_USER_NOTIF feature to do mount policies. This particular policy is (as noted in the comment) not very interesting, but it serves to illustrate how one might apply a policy dodging the various TOCTOU issues. Signed-off-by: Tycho Andersen <tycho@tycho.ws> CC: Kees Cook <keescook@chromium.org> CC: Andy Lutomirski <luto@amacapital.net> CC: Oleg Nesterov <oleg@redhat.com> CC: Eric W. Biederman <ebiederm@xmission.com> CC: "Serge E. Hallyn" <serge@hallyn.com> CC: Christian Brauner <christian@brauner.io> CC: Tyler Hicks <tyhicks@canonical.com> CC: Akihiro Suda <suda.akihiro@lab.ntt.co.jp> Signed-off-by: Kees Cook <keescook@chromium.org>
Copyright © 1990 – 2022 jet tsang zeon-git.
All Rights Reverse Engineered.