group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1972740] Re: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1972740@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 May 2022 12:41:40 -0000
Reply-to: Bug 1972740 <1972740@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package linux - 5.13.0-44.49

---------------
linux (5.13.0-44.49) impish; urgency=medium

  * impish/linux: 5.13.0-44.49 -proposed tracker (LP: #1973941)

  * CVE-2022-29581
    - net/sched: cls_u32: fix netns refcount changes in u32_change()

  * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
    option (LP: #1972740)
    - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

  * ext4: limit length to bitmap_maxbytes (LP: #1972281)
    - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole

 -- Kleber Sacilotto de Souza <kleber.souza@xxxxxxxxxxxxx>  Wed, 18 May
2022 14:56:02 +0200

** Changed in: linux (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1972740

Title:
  Unprivileged users may use PTRACE_SEIZE to set
  PTRACE_O_SUSPEND_SECCOMP option

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Impish:
  Fix Released
Status in linux source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  PTRACE_O_SUSPEND_SECCOMP allows CRIU to disable seccomp on a process. However, setting this option requires privilege when used with PTRACE_SETOPTIONS. However, when used with PTRACE_SEIZE, no privilege is required. This allows sandboxed processes to exit the sandbox if they are allowed to use ptrace.

  [Test case]
  Run the reproducer from https://bugs.chromium.org/p/project-zero/issues/detail?id=2276.

  [Potential regression]
  This may break ptrace users, specially ones using PTRACE_SEIZE or PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1972740/+subscriptions