1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 05c39f0f5..3a9d6f359 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -280,6 +280,18 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
return RestrictKillTarget(current_pid, sysno);
}
+#if defined(__NR_newfstatat)
+ if (sysno == __NR_newfstatat) {
+ return RewriteFstatatSIGSYS();
+ }
+#endif
+
+#if defined(__NR_fstatat64)
+ if (sysno == __NR_fstatat64) {
+ return RewriteFstatatSIGSYS();
+ }
+#endif
+
// memfd_create is considered a file system syscall which below will be denied
// with fs_denied_errno, we need memfd_create for Mojo shared memory channels.
if (sysno == __NR_memfd_create) {
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
index 76eb32493..09aa3f0b1 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -6,6 +6,8 @@
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+#include <errno.h>
+#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
return -ENOSYS;
}
+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
+ void* aux) {
+ switch (args.nr) {
+#if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+#endif
+#if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+#endif
+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
+ reinterpret_cast<struct stat64 *>(args.args[2]));
+ } else {
+ errno = EACCES;
+ return -1;
+ }
+ break;
+#endif
+ }
+
+ CrashSIGSYS_Handler(args, aux);
+
+ // Should never be reached.
+ RAW_CHECK(false);
+ return -ENOSYS;
+}
+
bpf_dsl::ResultExpr CrashSIGSYS() {
return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
}
@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
}
+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
+}
+
void AllocateCrashKeys() {
#if !defined(OS_NACL_NONSFI)
if (seccomp_crash_key)
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
index 7a958b93b..d0bfab74b 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
// sched_setparam(), sched_setscheduler()
SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
void* aux);
+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
+ void* aux);
// Variants of the above functions for use with bpf_dsl.
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
// Allocates a crash key so that Seccomp information can be recorded.
void AllocateCrashKeys();
diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
index fcfd2aa12..5396b36da 100644
--- a/sandbox/linux/services/syscall_wrappers.cc
+++ b/sandbox/linux/services/syscall_wrappers.cc
@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
#endif // defined(MEMORY_SANITIZER)
+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
+{
+#if defined(__NR_fstat64)
+ return syscall(__NR_fstat64, fd, buf);
+#else
+ return syscall(__NR_fstat, fd, buf);
+#endif
+}
+
} // namespace sandbox
diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
index 1975bfbd8..ed7ee5a1c 100644
--- a/sandbox/linux/services/syscall_wrappers.h
+++ b/sandbox/linux/services/syscall_wrappers.h
@@ -17,6 +17,7 @@ struct sock_fprog;
struct rlimit64;
struct cap_hdr;
struct cap_data;
+struct stat64;
namespace sandbox {
@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
const struct sigaction* act,
struct sigaction* oldact);
+// Recent glibc rewrites fstat to fstatat.
+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
+
} // namespace sandbox
#endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
|
