Date: Thu, 14 Mar 2019 19:48:22 -0400 From: Paul Moore <paul@...l-moore.com> To: oss-security@...ts.openwall.com Cc: Jann Horn <jannh@...gle.com> Subject: libseccomp: incorrect generation of syscall argument filters Jann Horn (CC'd) identified a problem in current versions of libseccomp where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE). Jann has done a search using codesearch.debian.net and it would appear that only systemd and Tor are using libseccomp in such a way as to trigger the bad code. In the case of systemd this appears to affect the socket address family and scheduling class filters. In the case of Tor it appears that the bad filters could impact the memory addresses passed to mprotect(2). The libseccomp v2.4.0 release fixes this problem, and should be a direct drop-in replacement for previous v2.x releases. Due the complexity, and associated risk, of backporting the fix to the v2.3.x release stream, I've made the difficult decision not to backport the fix. Further, I'm not aware of any workarounds for this issue. Adminstrators and distros are strongly encouraged to upgrade to libseccomp v2.4.0 as soon as possible. The related GitHub issue, complete with a brief discussion of the problem and a list of the assocated patches can be found at the link below: * https://github.com/seccomp/libseccomp/issues/139 The libseccomp v2.4.0 release can be found at the link below: * https://github.com/seccomp/libseccomp/releases/tag/v2.4.0 -- paul moore www.paul-moore.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.