View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000130 | file | General | public | 2020-01-11 11:07 | 2020-01-17 17:20 |
Reporter | tobias | Assigned To | christos | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 5.38 | ||||
Fixed in Version | 5.39 | ||||
Summary | 0000130: sandbox blocks required TCGETS on console with glibc | ||||
Description | Calling file from a terminal like tty0, i.e. not from a terminal emulator or multiplexer, just plain old /bin/bash as login shell, results in a bad system call. The problem is that glibc on a terminal calls ioctl TCGETS, which is not allowed by the sandbox. I have attached a patch that fixes the issue. | ||||
Steps To Reproduce | 1. Log in on a tty, do not use a virtual terminal emulator like xterm etc. 2. Call "file /" or anything else which accesses the file system 3. You see "Bad system call" 4. Call "strace file /" and notice that "ioctl(1, TCGETS, ...) = ?" gets interrupted | ||||
Additional Information | I'm using: - x86_64 - linux 5.4.10 - glibc 2.30 - libseccomp 2.4.2 - file 5.38 (compiled with libseccomp support) | ||||
Tags | No tags attached. | ||||
|
file-5.38-seccomp.patch (431 bytes)
diff --git a/src/seccomp.c b/src/seccomp.c index ebf3ea1c..02025295 100644 --- a/src/seccomp.c +++ b/src/seccomp.c @@ -188,6 +188,10 @@ enable_sandbox_full(void) #ifdef TIOCGWINSZ // musl libc may call ioctl TIOCGWINSZ when calling stdout ALLOW_IOCTL_RULE(TIOCGWINSZ); +#endif +#ifdef TCGETS + // glibc may call ioctl TCGETS when calling stdout + ALLOW_IOCTL_RULE(TCGETS); #endif ALLOW_RULE(lseek); ALLOW_RULE(_llseek); |
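Review bot: The comment on the new rule, "glibc may call ioctl TCGETS when calling stdout", is carried over from the TIOCGWINSZ comment above it and does not say what triggers the call. The report shows the request arriving as ioctl(1, TCGETS, ...) only when stdout is a real terminal, so wording such as "glibc issues ioctl TCGETS on stdout when it is a terminal" would tell the next reader why the allowance exists. Since this widens the sandbox allow-list, it is also worth stating in the comment that TCGETS only reads terminal attributes, so the added rule is query-only.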
|
Fixed, thanks! |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-01-11 11:07 | tobias | New Issue | |
2020-01-11 11:07 | tobias | File Added: file-5.38-seccomp.patch | |
2020-01-17 17:19 | christos | Assigned To | => christos |
2020-01-17 17:19 | christos | Status | new => assigned |
2020-01-17 17:20 | christos | Status | assigned => resolved |
2020-01-17 17:20 | christos | Resolution | open => fixed |
2020-01-17 17:20 | christos | Fixed in Version | => 5.39 |
2020-01-17 17:20 | christos | Note Added: 0003342 |
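
Step 4 of the report finds the blocked call by reading strace output by hand. The same triage as an added example (not part of the report or of the file project): it picks out the syscall that never returned before a SIGSYS kill and names the allow-list macro from the patch to review. The sample trace is constructed, and the function names are hypothetical.

```python
import re

# Constructed strace output, modelled on the ioctl line quoted in step 4.
SAMPLE_TRACE = """\
lstat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x1), ...}) = 0
ioctl(1, TCGETS <unfinished ...>) = ?
+++ killed by SIGSYS +++
"""

CALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(?P<name>\w+)\((?P<args>.*)$")
KILL_RE = re.compile(r"^\+\+\+ killed by (?P<sig>SIG\w+)")


def _split_args(raw):
    """Naive comma split; enough for the scalar fd/request arguments of ioctl."""
    raw = raw.rsplit("=", 1)[0].replace("<unfinished ...>", "")
    return [a.strip() for a in raw.strip().rstrip(")").split(",") if a.strip()]


def find_seccomp_kill(trace):
    """Return the syscall that never returned before a SIGSYS kill, else None."""
    pending = None
    for line in trace.splitlines():
        line = line.strip()
        kill = KILL_RE.match(line)
        if kill:
            return pending if kill.group("sig") == "SIGSYS" else None
        call = CALL_RE.match(line)
        if call:
            # "= ?" means strace never saw a return value for this call.
            unfinished = line.endswith("= ?")
            pending = ({"syscall": call.group("name"),
                        "args": _split_args(call.group("args"))}
                       if unfinished else None)
    return None  # process exited normally (exit_group also prints "= ?")


def suggest_rule(hit):
    """Name the allow-list macro (as used in src/seccomp.c) to review for this hit."""
    if hit["syscall"] == "ioctl" and len(hit["args"]) >= 2:
        return f"ALLOW_IOCTL_RULE({hit['args'][1]})"
    return f"ALLOW_RULE({hit['syscall']})"


if __name__ == "__main__":
    hit = find_seccomp_kill(SAMPLE_TRACE)
    print(hit, "->", suggest_rule(hit))
```

The suggested macro is a starting point for review of the sandbox allow-list, not a rule to add unread.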