From: Philipp Stephani
Newsgroups: gmane.emacs.bugs
Subject: bug#56359: seccomp test failures on RHEL 9.0
Date: Tue, 18 Oct 2022 11:32:46 +0200
Cc: "Basil L. Contovounesios", Glenn Morris, Paul Eggert, 56359@debbugs.gnu.org
To: Lars Ingebrigtsen

On Tue, 11 Oct 2022 at 21:47, Lars Ingebrigtsen wrote:
>
> Paul Eggert writes:
>
> > My "fix" involved allowing all uses of clone3, which (as Philipp noted
> > in August) is problematic. I'm not sure what's being tested for, but
> > if clone3 lets you evade the checks then the test is arguably more
> > trouble than it's worth. Would marking it as :unstable lessen the
> > number of false alarms we're getting? If not, perhaps we should remove
> > it or mark it as :dont-use-unless-you-know-what-youre-doing or
> > whatever.
>
> And pidfd_open also sounds like a non-safe call (without looking at it
> closely).
>
> Skimming the tests, they seem to test pretty basic functionality in the
> seccomp area -- that is, without allowing pidfd_open/clone3, nothing
> will be able to run using the seccomp functionality. But since those
> are somewhat unsafe, then... what's the point?

Neither pidfd_open nor clone3 are "unsafe". The concern is that clone3
might expand its functionality to eventually allow unsafe operations
like opening network sockets, and with its interface there's no way
for a seccomp filter to prevent that. One option might be to have
clone3 return ENOSYS, if the caller falls back to clone in that case.
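
The ENOSYS option suggested above, as an added example that is not part of the original message or of the Emacs seccomp filter: clone3 takes a pointer to a struct, which a seccomp BPF program cannot dereference, so the filter answers it with ENOSYS, and a caller that falls back retries with clone, whose flags arrive in a register. The names `clone3_enosys` and `verdict` are hypothetical, and the trailing ALLOW is a placeholder for the rest of a real allow-list.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#ifndef __NR_clone3
#define __NR_clone3 435               /* value on x86-64 and arm64 */
#endif
#ifdef __aarch64__
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 otherwise */
#endif

/* Foreign ABI: kill.  clone3: fail with ENOSYS.  Anything else: placeholder. */
static const struct sock_filter clone3_enosys[] = {
  BPF_STMT (BPF_LD | BPF_W | BPF_ABS, offsetof (struct seccomp_data, arch)),
  BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
  BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
  BPF_STMT (BPF_LD | BPF_W | BPF_ABS, offsetof (struct seccomp_data, nr)),
  BPF_JUMP (BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
  BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
  BPF_STMT (BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* User-space evaluation of the three opcodes used above, so the verdict for a
   constructed seccomp_data can be checked without installing the filter.  */
unsigned verdict (int nr, unsigned arch) {
  struct seccomp_data d = { .nr = nr, .arch = arch };
  unsigned acc = 0;
  for (size_t pc = 0; pc < sizeof clone3_enosys / sizeof *clone3_enosys; pc++) {
    const struct sock_filter *i = &clone3_enosys[pc];
    if (i->code == (BPF_LD | BPF_W | BPF_ABS))
      memcpy (&acc, (const char *) &d + i->k, sizeof acc);
    else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K))
      pc += (acc == i->k) ? i->jt : i->jf;   /* offset from next insn */
    else
      return i->k;                           /* BPF_RET | BPF_K */
  }
  return SECCOMP_RET_KILL_PROCESS;
}

int main (void) {
  printf ("clone3 -> %#x\n", verdict (__NR_clone3, NATIVE_ARCH));
  printf ("clone  -> %#x\n", verdict (__NR_clone, NATIVE_ARCH));
  return 0;
}
```

To enforce the filter rather than simulate it, wrap the array in a `struct sock_fprog` and pass it to `prctl (PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)` after setting `PR_SET_NO_NEW_PRIVS`.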