Bug - Sudo effective user doesn't work with --seccomp-bpf #126

Dmitry V. Levin ldv at altlinux.org
Thu Feb 27 23:46:55 UTC 2020


Hi,

On Thu, Feb 27, 2020 at 11:59:28PM +0530, Sid Sharma wrote:
> Hello, I am new to open source
> and trying to fix this bug:
> sudo won't work with --seccomp-bpf.
> Am I correct in assuming that seccomp mode allows only a one-way
> transition, allowing only a few syscalls,
> and strace unconditionally sets PR_SET_NO_NEW_PRIVS, which makes
> execve promise not to execute anything privileged,
> so any set-user-ID, set-group-ID and file capabilities are rendered
> non-functional,
> but we cannot unset the permission, and strace is not privileged
> enough to perform the functions we want?
> This gets us into a tricky situation and we cannot go on any further.
> Can someone suggest a solution, because I want to solve it myself.

I don't think there is a simple solution for the case of "strace -u",
because the seccomp filter has to be installed as late as possible before
the execve, and reordering it would cause very interesting effects, e.g.
the code implementing -u would be filtered through the installed seccomp
filter.

It makes sense to fix the simpler case of privileged
"strace --seccomp-bpf" without the -u option first; this would probably
require testing whether a seccomp filter can be installed without
PR_SET_NO_NEW_PRIVS, and avoiding setting PR_SET_NO_NEW_PRIVS
if that is the case.


-- 
ldv
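
The probe suggested in the reply above, written out as an added example; this is illustrative code, not strace's own implementation, and the function names (`seccomp_filter_allowed_without_nnp`, `install_seccomp_filter`) are assumptions. It relies on the kernel rule that `PR_SET_SECCOMP` with `SECCOMP_MODE_FILTER` fails with `EACCES` unless the caller either has `CAP_SYS_ADMIN` in its user namespace or has `no_new_privs` set. The probe runs in a forked child with a harmless allow-everything filter, so the calling process is not modified; the real installation then sets `PR_SET_NO_NEW_PRIVS` only when the probe shows it is required, which is what keeps set-user-ID binaries such as sudo working under a privileged tracer.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed allow-everything filter: installing it changes nothing
   about which syscalls are permitted, so it is safe to use as a probe
   and as a stand-in for a real tracer filter in this example. */
static struct sock_filter allow_all[] = {
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
static struct sock_fprog allow_all_prog = {
    .len = 1,
    .filter = allow_all,
};

/* Returns 1 if a seccomp filter can be installed without setting
   PR_SET_NO_NEW_PRIVS (CAP_SYS_ADMIN, or no_new_privs already set),
   0 if the kernel refused with EACCES, -1 on any other error.
   The attempt is made in a forked child so the caller is untouched. */
int seccomp_filter_allowed_without_nnp(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &allow_all_prog) == 0)
            _exit(0);
        _exit(errno == EACCES ? 1 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}

/* Installs prog in the calling process, setting PR_SET_NO_NEW_PRIVS
   only when the probe says the kernel requires it. *set_nnp records
   whether no_new_privs was set. Returns 0 on success, -1 on failure. */
int install_seccomp_filter(const struct sock_fprog *prog, int *set_nnp)
{
    int allowed = seccomp_filter_allowed_without_nnp();
    if (allowed < 0)
        return -1;
    *set_nnp = !allowed;
    if (*set_nnp && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog);
}

int main(void)
{
    int set_nnp = 0;
    if (install_seccomp_filter(&allow_all_prog, &set_nnp) != 0) {
        perror("install_seccomp_filter");
        return 1;
    }
    /* Under a privileged tracer set_nnp stays 0, so an execve of a
       set-user-ID binary after this point would still gain privilege. */
    printf("filter installed, no_new_privs %s\n",
           set_nnp ? "was set (unprivileged path)" : "left unset (privileged path)");
    return 0;
}
```

Run as an ordinary user the program reports that `no_new_privs` had to be set; run with `CAP_SYS_ADMIN` it reports the privileged path, which is the case the reply says should be fixed first. The `-u` case is not covered by this probe, for the reason given in the reply: the filter is installed right before the execve, so the setuid/setgid calls implementing `-u` would themselves run under it.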

