projects / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* |
| 2 | * linux/kernel/seccomp.c | |
| 3 | * | |
| 4 | * Copyright 2004-2005 Andrea Arcangeli <[email protected]> | |
| 5 | * | |
| 6 | * This defines a simple but solid secure-computing mode. | |
| 7 | */ | |
| 8 | ||
| 9 | #include <linux/seccomp.h> | |
| 10 | #include <linux/sched.h> | |
| 11 | ||
| 12 | /* #define SECCOMP_DEBUG 1 */ | |
| 13 | ||
| 14 | /* | |
| 15 | * Secure computing mode 1 allows only read/write/exit/sigreturn. | |
| 16 | * To be fully secure this must be combined with rlimit | |
| 17 | * to limit the stack allocations too. | |
| 18 | */ | |
| 19 | static int mode1_syscalls[] = { | |
| 20 | __NR_seccomp_read, __NR_seccomp_write, __NR_seccomp_exit, __NR_seccomp_sigreturn, | |
| 21 | 0, /* null terminated */ | |
| 22 | }; | |
| 23 | ||
| 24 | #ifdef TIF_32BIT | |
| 25 | static int mode1_syscalls_32[] = { | |
| 26 | __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, | |
| 27 | 0, /* null terminated */ | |
| 28 | }; | |
| 29 | #endif | |
| 30 | ||
| 31 | void __secure_computing(int this_syscall) | |
| 32 | { | |
| 33 | int mode = current->seccomp.mode; | |
| 34 | int * syscall; | |
| 35 | ||
| 36 | switch (mode) { | |
| 37 | case 1: | |
| 38 | syscall = mode1_syscalls; | |
| 39 | #ifdef TIF_32BIT | |
| 40 | if (test_thread_flag(TIF_32BIT)) | |
| 41 | syscall = mode1_syscalls_32; | |
| 42 | #endif | |
| 43 | do { | |
| 44 | if (*syscall == this_syscall) | |
| 45 | return; | |
| 46 | } while (*++syscall); | |
| 47 | break; | |
| 48 | default: | |
| 49 | BUG(); | |
| 50 | } | |
| 51 | ||
| 52 | #ifdef SECCOMP_DEBUG | |
| 53 | dump_stack(); | |
| 54 | #endif | |
| 55 | do_exit(SIGKILL); | |
| 56 | } |