syscalls/prctl.c

   1 /*
   2  * SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
   3          unsigned long, arg4, unsigned long, arg5)
   4  */
   5 #include "config.h"
   6
   7 #include <stdlib.h>
   8 #include <linux/prctl.h>
   9 #ifdef USE_SECCOMP
  10 #include <linux/seccomp.h>
  11 #endif
  12 #include <sys/prctl.h>
  13 #include <sys/socket.h>
  14
  15 #include "sanitise.h"
  16 #include "net.h"
  17 #include "maps.h"
  18 #include "shm.h"
  19 #include "compat.h"
  20 #include "utils.h"
  21 #include "trinity.h"
  22
  23 #define NR_PRCTL_OPTS 28
  24 static int prctl_opts[NR_PRCTL_OPTS] = {
  25         PR_CAPBSET_READ, PR_CAPBSET_DROP, PR_SET_DUMPABLE, PR_GET_DUMPABLE,
  26         PR_SET_ENDIAN, PR_GET_ENDIAN, PR_SET_FPEMU, PR_GET_FPEMU, PR_SET_FPEXC,
  27         PR_GET_FPEXC, PR_SET_KEEPCAPS, PR_GET_KEEPCAPS, PR_SET_NAME,
  28         PR_GET_NAME, PR_SET_PDEATHSIG, PR_GET_PDEATHSIG, PR_SET_SECCOMP,
  29         PR_GET_SECCOMP, PR_SET_SECUREBITS, PR_GET_SECUREBITS, PR_SET_TIMING,
  30         PR_GET_TIMING, PR_SET_TSC, PR_GET_TSC, PR_SET_UNALIGN, PR_GET_UNALIGN,
  31         PR_MCE_KILL, PR_MCE_KILL_GET,
  32 };
  33
  34
  35 #ifdef USE_SECCOMP
  36 static void do_set_seccomp(int childno)
  37 {
  38         unsigned long *optval = NULL, optlen = 0;
  39
  40         bpf_gen_seccomp(&optval, &optlen);
  41
  42         shm->syscall[childno].a2 = SECCOMP_MODE_FILTER;
  43         shm->syscall[childno].a3 = (unsigned long) optval;
  44         shm->syscall[childno].a4 = 0;
  45         shm->syscall[childno].a5 = 0;
  46 }
  47 #else
  48 static void do_set_seccomp(__unused__ int childno) { }
  49 #endif
  50
  51 /* We already got a generic_sanitise at this point */
  52 void sanitise_prctl(int childno)
  53 {
  54         int option = prctl_opts[rand() % NR_PRCTL_OPTS];
  55
  56 // For now, just do SECCOMP, the other options need some attention.
  57         option = PR_SET_SECCOMP;
  58
  59         shm->syscall[childno].a1 = option;
  60
  61         switch (option) {
  62         case PR_SET_SECCOMP:
  63                 do_set_seccomp(childno);
  64                 break;
  65
  66         default:
  67                 break;
  68         }
  69 }
  70
  71 struct syscallentry syscall_prctl = {
  72         .name = "prctl",
  73         .num_args = 5,
  74         .arg1name = "option",
  75         .arg2name = "arg2",
  76         .arg3name = "arg3",
  77         .arg4name = "arg4",
  78         .arg5name = "arg5",
  79         .sanitise = sanitise_prctl,
  80 };