
Bug#599574: marked as done (linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process)



Your message dated Sat, 09 Oct 2010 14:36:30 +0100
with message-id <1286631390.2955.153.camel@localhost>
and subject line Re: Bug#599574: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
has caused the Debian Bug report #599574,
regarding linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
599574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599574
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Subject: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
Package: linux-2.6
Version: 2.6.32-23
Severity: normal

*** Please type your report below this line ***

Processes with seccomp are killed at _exit. They should be permitted to
call _exit, read, and write (read and write do work).

To reproduce:

cat > main.c << EOF
#include <unistd.h>
#include <sys/prctl.h>
int main() { prctl(PR_SET_SECCOMP, 1, 0, 0, 0); _exit(0); }
EOF
gcc -Wall -Wextra main.c -o seccomptest
./seccomptest 
Killed


If the loaded modules, PCI devices, and USB devices sections would help,
please say so, and I will include them. They seem irrelevant to this
bug.


-- Package-specific info:
** Version:
Linux version 2.6.32-5-amd64 (Debian 2.6.32-23) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-3) ) #1 SMP Fri Sep 17 21:50:19 UTC 2010

** Command line:
BOOT_IMAGE=/vmlinuz-2.6.32-5-amd64 root=/dev/mapper/hda4_crypt ro vga=794

** Not tainted

** Model information
sys_vendor: System manufacturer
product_name: System Product Name
product_version: System Version
chassis_vendor: Chassis Manufacture
chassis_version: Chassis Version
bios_vendor: American Megatrends Inc.
bios_version: 2106   
board_vendor: ASUSTeK Computer INC.
board_name: M4A88T-M
board_version: Rev X.0x


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6.32-5-amd64 depends on:
ii  debconf [debconf-2.0]         1.5.35     Debian configuration management sy
ii  initramfs-tools [linux-initra 0.98.4     tools for generating an initramfs
ii  linux-base                    2.6.32-23  Linux image base package
ii  module-init-tools             3.12-1     tools for managing Linux kernel mo

Versions of packages linux-image-2.6.32-5-amd64 recommends:
ii  firmware-linux-free           2.6.32-23  Binary firmware for various driver

Versions of packages linux-image-2.6.32-5-amd64 suggests:
pn  grub | lilo                   <none>     (no description available)
ii  linux-doc-2.6.32              2.6.32-23  Linux kernel specific documentatio

Versions of packages linux-image-2.6.32-5-amd64 is related to:
pn  firmware-bnx2                 <none>     (no description available)
pn  firmware-bnx2x                <none>     (no description available)
pn  firmware-ipw2x00              <none>     (no description available)
pn  firmware-ivtv                 <none>     (no description available)
pn  firmware-iwlwifi              <none>     (no description available)
ii  firmware-linux                0.26       Binary firmware for various driver
ii  firmware-linux-nonfree        0.26       Binary firmware for various driver
pn  firmware-qlogic               <none>     (no description available)
pn  firmware-ralink               <none>     (no description available)
pn  xen-hypervisor                <none>     (no description available)

-- debconf information excluded




--- End Message ---
--- Begin Message ---
On Sat, 2010-10-09 at 01:04 -0500, Andrew Varner wrote:
> Subject: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
> Package: linux-2.6
> Version: 2.6.32-23
> Severity: normal
> 
> *** Please type your report below this line ***
> 
> Processes with seccomp are killed at _exit. They should be permitted to
> call _exit, read, and write (read and write do work).
> 
> To reproduce:
> 
> cat > main.c << EOF
> #include <unistd.h>
> #include <sys/prctl.h>
> int main() { prctl(PR_SET_SECCOMP, 1, 0, 0, 0); _exit(0); }
> EOF
> gcc -Wall -Wextra main.c -o seccomptest
> ./seccomptest 
> Killed

Quoting from _exit(2):

       In glibc up to version 2.3, the _exit() wrapper  function  invoked  the
       kernel  system  call  of  the  same name.  Since glibc 2.3, the wrapper
       function invokes exit_group(2),  in  order  to  terminate  all  of  the
       threads in a process.

The following program exits without being killed:

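#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <asm/unistd.h>

int main()
{
    /* Enter seccomp mode 1 (strict). */
    prctl(PR_SET_SECCOMP, 1, 0, 0, 0);
    /* Invoke exit(2) directly, bypassing the glibc _exit() wrapper;
       pass an explicit exit status of 0. */
    syscall(__NR_exit, 0);
}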

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.



--- End Message ---
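
Added example (not part of either message above): a small harness that runs both cases from the thread in forked children and reports how each one ended, so the SIGKILL on exit_group(2) can be observed directly instead of read off the shell's "Killed". The enum, the function name and the exit code 77 (used when the kernel refuses strict mode, for instance because a seccomp filter is already installed) are assumptions of this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { EXITED_CLEANLY, KILLED_BY_SIGKILL, STRICT_UNAVAILABLE, OTHER };

/* Fork a child, put it into seccomp strict mode (mode 1, as in the report),
 * then end it with the raw system call `nr` and report how it died. */
static enum outcome exit_under_strict_seccomp(long nr)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return OTHER;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
            _exit(77);            /* strict mode refused; not sandboxed yet */
        syscall(nr, 0);           /* only read, write, exit, sigreturn survive */
        for (;;)
            syscall(SYS_exit, 1); /* not reached: nr either exits or is fatal */
    }
    if (waitpid(pid, &status, 0) != pid)
        return OTHER;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGKILL ? KILLED_BY_SIGKILL : OTHER;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return EXITED_CLEANLY;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 77)
        return STRICT_UNAVAILABLE;
    return OTHER;
}

int main(void)
{
    static const char *const names[] = {
        "exited cleanly", "killed by SIGKILL", "strict mode unavailable", "other"
    };
    /* SYS_exit is what glibc <= 2.3 _exit() used; SYS_exit_group is what it uses since. */
    printf("exit:       %s\n", names[exit_under_strict_seccomp(SYS_exit)]);
    printf("exit_group: %s\n", names[exit_under_strict_seccomp(SYS_exit_group)]);
    return 0;
}
```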
