Message-ID: <20181121065359.GA22179@pi3.com.pl>
Date: Wed, 21 Nov 2018 07:53:59 +0100
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: snap-seccomp

Hi,

Sorry for the delayed reply but it is not trivial to repro the problem which you've
described. That's an interesting issue which was happening when a legit call to
seccomp() fails via e.g. invalid parameters. LKRG had a small bug in the code
handling legit errors in seccomp when SECCOMP_FILTER_FLAG_TSYNC was used. In fact
snap-seccomp during installation incorrectly calls seccomp with this specific
flag and provides invalid arguments - quite interesting. LKRG already had an error
handling logic for it but it was incomplete. I've fixed that issue in that
commit:

https://bitbucket.org/Adam_pi3/lkrg-main/commits/2d9c254c8ccd0b443490cab12a08b5bd9f58b2b1

If you use LKRG from the bitbucket repo, you will get this fixed.

Thanks,
Adam

On Mon, Nov 19, 2018 at 12:16:26AM +0000, Paweł Krawczyk wrote:
> While installing a snap package on Ubuntu 18.04:
>
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON
> process[28116 | snap-seccomp] has corrupted 'off' flag =>
> 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to
> kill process[snap-seccomp | 28116]!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON
> process[28114 | snap-seccomp] has corrupted 'off' flag =>
> 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to
> kill process[snap-seccomp | 28114]!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON
> process[28117 | snap-seccomp] has corrupted 'off' flag =>
> 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to
> kill process[snap-seccomp | 28117]!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON
> process[28115 | snap-seccomp] has corrupted 'off' flag =>
> 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
> Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to
> kill process[snap-seccomp | 28115]!
>
> --
> Paweł Krawczyk
> +44 7879 180015
>
>

--
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
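
An added example, not part of the thread and not LKRG code: a small triage script that parses the "Exploit Detection" messages quoted above and groups them by process name, flag, value and normalization, so a signature repeated across several PIDs stands out when preparing a report. The regular expressions are derived only from the quoted lines; the function names and the `min_pids` threshold are assumptions.

```python
import re
from collections import defaultdict

# Kernel log lines from the quoted report, unwrapped to one message per line.
SAMPLE_LOG = """\
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON process[28116 | snap-seccomp] has corrupted 'off' flag => 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to kill process[snap-seccomp | 28116]!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON process[28114 | snap-seccomp] has corrupted 'off' flag => 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to kill process[snap-seccomp | 28114]!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON process[28117 | snap-seccomp] has corrupted 'off' flag => 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to kill process[snap-seccomp | 28117]!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> ON process[28115 | snap-seccomp] has corrupted 'off' flag => 0xa5b52eb038f3ada (normalization via 0x52da97581c79d6d)!
Nov 19 00:11:34 tyler kernel: [p_lkrg] <Exploit Detection> Trying to kill process[snap-seccomp | 28115]!
"""

CORRUPT_RE = re.compile(
    r"\[p_lkrg\] <Exploit Detection> ON process\[(?P<pid>\d+) \| (?P<comm>[^\]]+)\] "
    r"has corrupted '(?P<flag>\w+)' flag => (?P<value>0x[0-9a-f]+) "
    r"\(normalization via (?P<norm>0x[0-9a-f]+)\)!")
KILL_RE = re.compile(
    r"\[p_lkrg\] <Exploit Detection> Trying to kill "
    r"process\[(?P<comm>[^|\]]+) \| (?P<pid>\d+)\]!")

def triage(log_text):
    """Group corruption reports by (comm, flag, value, normalization)."""
    groups = defaultdict(lambda: {"pids": set(), "kill_attempts": set()})
    seen = {}  # (comm, pid) -> signature of the report for that process
    for line in log_text.splitlines():
        m = CORRUPT_RE.search(line)
        if m:
            sig = (m["comm"], m["flag"], m["value"], m["norm"])
            groups[sig]["pids"].add(int(m["pid"]))
            seen[(m["comm"], int(m["pid"]))] = sig
            continue
        m = KILL_RE.search(line)
        if m and (m["comm"], int(m["pid"])) in seen:
            groups[seen[(m["comm"], int(m["pid"]))]]["kill_attempts"].add(int(m["pid"]))
    return dict(groups)

def repeated_signatures(groups, min_pids=2):
    """Signatures reported for several PIDs (heuristic threshold, an assumption)."""
    return [sig for sig, g in groups.items() if len(g["pids"]) >= min_pids]

if __name__ == "__main__":
    for sig, g in triage(SAMPLE_LOG).items():
        print(sig, sorted(g["pids"]), sorted(g["kill_attempts"]))
```

On the quoted lines this yields a single signature shared by all four snap-seccomp PIDs, each followed by a kill attempt.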