1. 23 Jan, 2017 1 commit
    • Mike Frysinger's avatar
      seccomp: dump core when using SECCOMP_RET_KILL · b25e6716
      Mike Frysinger authored
      The SECCOMP_RET_KILL mode is documented as immediately killing the
      process as if a SIGSYS had been sent and not caught (similar to a
      SIGKILL).  However, a SIGSYS is documented as triggering a coredump
      which does not happen today.
      
      This has the advantage of being able to more easily debug a process
      that fails a seccomp filter.  Today, most apps need to recompile and
      change their filter in order to get detailed info out, or manually run
      things through strace, or enable detailed kernel auditing.  Now we get
      coredumps that fit into existing system-wide crash reporting setups.
      
      From a security pov, this shouldn't be a problem.  Unhandled signals
      can already be sent externally which trigger a coredump independent of
      the status of the seccomp filter.  The act of dumping core itself does
      not cause change in execution of the program.
      
      URL: https://crbug.com/676357Signed-off-by: default avatarMike Frysinger <vapier@chromium.org>
      Acked-by: default avatarJorge Lucangeli Obes <jorgelo@chromium.org>
      Acked-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      b25e6716
  2. 19 Jan, 2017 1 commit
  3. 16 Jan, 2017 38 commits