group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1972740] Re: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1972740@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 May 2022 12:40:34 -0000
Reply-to: Bug 1972740 <1972740@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package linux - 5.4.0-113.127

---------------
linux (5.4.0-113.127) focal; urgency=medium

  * focal/linux: 5.4.0-113.127 -proposed tracker (LP: #1973980)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * CVE-2022-1116
    - io_uring: fix fs->users overflow

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Wed, 18 May 2022 16:07:54
+0200

** Changed in: linux (Ubuntu Impish)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1972740

Title:
  Unprivileged users may use PTRACE_SEIZE to set
  PTRACE_O_SUSPEND_SECCOMP option

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Impish:
  Fix Released
Status in linux source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process. However, setting this option requires privilege when used with PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is required. This allows sandboxed processes to exit the sandbox if they are allowed to use ptrace.

  [Test case]
  Run the reproducer from https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.

  [Potential regression]
  This may break ptrace users, specially ones using PTRACE_SEIZE or PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740/+subscriptions