~mvo/snapd/+git/snapd-mvo:changelog-2.59.5

Last commit made on 2023-05-27
Get this branch:
git clone -b changelog-2.59.5 https://git.launchpad.net/~mvo/snapd/+git/snapd-mvo

Branch information

Name:
changelog-2.59.5
Repository:
lp:~mvo/snapd/+git/snapd-mvo

Recent commits

223c032... by Michael Vogt

release: 2.59.5

d7b49dd... by Michael Vogt

many: add a bunch of TODO/FIXME for a followup :)

b1f4bbb... by Michael Vogt

tests: fix snap-seccomp-blocks-tty-injection on 32bit systems

bce498e... by Michael Vogt

tests: fix snap-seccomp-blocks-tty-injection on partially confined systems and on ubuntu core

84c4f0c... by Alex Murray

tests/main/snap-seccomp-blocks-tty-injection: fix shellcheck errors

Signed-off-by: Alex Murray <email address hidden>

3ddd3f7... by Alex Murray

cmd/snap-seccomp: Group similar variables together

Signed-off-by: Alex Murray <email address hidden>

a536742... by Alex Murray

tests/main/snap-seccomp-blocks-tty-injection: spread test CVE-2023-1523

Add a spread test which exercises the two tty injection PoCs for both
CVE-2023-1523 and CVE-2019-7303

Signed-off-by: Alex Murray <email address hidden>

ac51f80... by Alex Murray

snap-seccomp-blacklist: also disallow the use of ioctl + TIOCLINUX

Fixes CVE-2023-1523

Signed-off-by: Alex Murray <email address hidden>

453f9e8... by Alex Murray

interfaces/seccomp: explicitly disallow the use of ioctl + TIOCLINUX

Fixes CVE-2023-1523

Signed-off-by: Alex Murray <email address hidden>

c0208fd... by Alex Murray

snap-seccomp: support explicitly blocking of syscalls

snap-seccomp has always implemented an allow-list approach to syscalls - such
that the listed syscalls are allowed and any non-listed will get
blocked. However, in the case where we want to disallow a syscall with
particular arguments, it is only possible to block one instance of the syscall
with a given argument. If a second similar rule is added, each rule effectively
allows the other and so neither gets disallowed as a result.

So introduce the concept of explicitly denying system calls listed in the
seccomp profile by prefixing them with a tilde (~). The seccomp action for these
is then EACCES (since EPERM is the default for unmatched syscalls and seccomp
doesn't allow to specify an action which is the same as the default).

This then allows to specify to block various syscall argument combinations as
expected, and so is used as the mechanism to fix CVE-2023-1523.

Signed-off-by: Alex Murray <email address hidden>
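
The problem described in the last commit message above, as an added Go example (not snapd's own code): a small model of allow-list evaluation showing that two negated-argument allow rules permit each other's blocked value, while tilde-prefixed deny rules block both. Only the tilde prefix, EACCES and the EPERM default come from the commit message; the "name - [!]CONST" line form, the sample profiles and the rule that a matching deny wins over any allow are assumptions of this model.

```go
package main

import "strings"

var consts = map[string]uint64{"TCGETS": 0x5401, "TIOCSTI": 0x5412, "TIOCLINUX": 0x541C} // Linux ioctl request numbers

type rule struct {
	name                 string
	deny, hasArg, negate bool   // '~' on the line; argument present; '!' on the argument
	arg                  uint64 // compared with the call's second argument
}

// parseProfile reads lines of the assumed form "[~]name [- [!]CONST]".
func parseProfile(profile string) []rule {
	var rules []rule
	for _, line := range strings.Split(profile, "\n") {
		f := strings.Fields(line)
		r := rule{name: strings.TrimPrefix(f[0], "~"), deny: strings.HasPrefix(f[0], "~")}
		if len(f) == 3 {
			r.hasArg, r.negate = true, strings.HasPrefix(f[2], "!")
			r.arg = consts[strings.TrimPrefix(f[2], "!")]
		}
		rules = append(rules, r)
	}
	return rules
}

// evaluate (model): matching deny rule gives EACCES, else any matching allow gives ALLOW, else default EPERM.
func evaluate(rules []rule, name string, arg2 uint64) string {
	result := "EPERM"
	for _, r := range rules {
		if r.name != name || (r.hasArg && (arg2 == r.arg) == r.negate) {
			continue // rule does not match this call
		}
		if r.deny {
			return "EACCES"
		}
		result = "ALLOW"
	}
	return result
}

const allowOnly = "ioctl - !TIOCSTI\nioctl - !TIOCLINUX"       // constructed sample: two negated allow rules
const withDeny = "ioctl\n~ioctl - TIOCSTI\n~ioctl - TIOCLINUX" // constructed sample: explicit denies

func main() {
	for _, req := range []string{"TCGETS", "TIOCSTI", "TIOCLINUX"} {
		println(req, evaluate(parseProfile(allowOnly), "ioctl", consts[req]), evaluate(parseProfile(withDeny), "ioctl", consts[req]))
	}
}
```

With the allow-only profile every request is allowed, because TIOCSTI matches the !TIOCLINUX rule and TIOCLINUX matches the !TIOCSTI rule.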