Diffstat (limited to '0001-sandbox-seccomp-accept-build-ID-generated-by-Go-tool.patch')
-rw-r--r--0001-sandbox-seccomp-accept-build-ID-generated-by-Go-tool.patch92
1 files changed, 92 insertions, 0 deletions
diff --git a/0001-sandbox-seccomp-accept-build-ID-generated-by-Go-tool.patch b/0001-sandbox-seccomp-accept-build-ID-generated-by-Go-tool.patch
new file mode 100644
index 000000000000..d1b0eaa8ca5f
--- /dev/null
+++ b/0001-sandbox-seccomp-accept-build-ID-generated-by-Go-tool.patch
@@ -0,0 +1,92 @@
+From 6ff74ebc0e2859547a5c72e4cd5dc63cd8577142 Mon Sep 17 00:00:00 2001
+Message-Id: <6ff74ebc0e2859547a5c72e4cd5dc63cd8577142.1572947174.git.maciej.zenon.borzecki@canonical.com>
+From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+Date: Mon, 4 Nov 2019 14:19:41 +0100
+Subject: [PATCH] sandbox/seccomp: accept build ID generated by Go toolchain
+
+From user reports, it is possible that snap-seccomp binaries found in the wild,
+will contain build ID generated by Go toolchain. The build ID in this case is a
+hash of go package, import path, binary, then truncated to 83 bytes and written
+to .note.go.buildid ELF section.
+
+See https://aur.archlinux.org/packages/snapd/#comment-714427 and
+https://forum.snapcraft.io/t/future-release-to-include-alpine-linux-as-snapd-host/13144/7
+for examples.
+
+Update the code to allow the upper limit of 166 characters, which is the
+hexstring representation of Go build ID. Since build ID is effectively user
+controlled during the build time, this also bumps the upper sanity limit on the
+length of this field.
+
+Fixes: https://bugs.launchpad.net/snapd/+bug/1850914
+
+Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+---
+ sandbox/seccomp/compiler.go | 21 +++++++++++++--------
+ sandbox/seccomp/compiler_test.go | 10 ++++++++--
+ 2 files changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/sandbox/seccomp/compiler.go b/sandbox/seccomp/compiler.go
+index d46cebbc45637afbb312af2e9f4c32bf4ffc93ba..2eaf64d59cbe98a08fadb3ee3785dc833efbac9c 100644
+--- a/sandbox/seccomp/compiler.go
++++ b/sandbox/seccomp/compiler.go
+@@ -31,14 +31,19 @@ import (
+ )
+
+ var (
+- // version-info format: <build-id> <libseccomp-version> <hash> <features>
+- // Where, the hash is calculated over all syscall names supported by the
+- // libseccomp library. The build-id is a 160-bit SHA-1 (40 char) string
+- // and the hash is a 256-bit SHA-256 (64 char) string. Allow libseccomp
+- // version to be 1-5 chars per field (eg, 1.2.3 or 12345.23456.34567)
+- // and 1-30 chars of colon-separated features.
+- // Ex: 7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog
+- validVersionInfo = regexp.MustCompile(`^[0-9a-f]{1,40} [0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5} [0-9a-f]{1,64} [-a-z0-9:]{1,30}$`)
++ // version-info format: <build-id> <libseccomp-version> <hash>
++ // <features> Where, the hash is calculated over all syscall names
++ // supported by the libseccomp library. The build-id is a string of up
++ // to 166 chars, accommodates 128-bit MD5 (32 chars), 160-bit SHA-1 (40
++ // chars) generated by GNU ld, and 83-byte (166 chars) build ID
++ // generated by Go toolchain, also provides an upper limit of the
++ // user-settable build ID. The hash is a 256-bit SHA-256 (64 char)
++ // string. Allow libseccomp version to be 1-5 chars per field (eg, 1.2.3
++ // or 12345.23456.34567) and 1-30 chars of colon-separated features. Ex:
++ // 7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3
++ // 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c
++ // bpf-actlog
++ validVersionInfo = regexp.MustCompile(`^[0-9a-f]{1,166} [0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5} [0-9a-f]{1,64} [-a-z0-9:]{1,30}$`)
+ )
+
+ type Compiler struct {
+diff --git a/sandbox/seccomp/compiler_test.go b/sandbox/seccomp/compiler_test.go
+index e8c5e7a318227d6686985d0067348e8a5d5c6022..2eaf2bfce439e12f1f68fdb2287c97407032324f 100644
+--- a/sandbox/seccomp/compiler_test.go
++++ b/sandbox/seccomp/compiler_test.go
+@@ -49,16 +49,22 @@ func (s *compilerSuite) TestVersionInfoValidate(c *C) {
+ exp string
+ err string
+ }{
+- // valid
++ // all valid
++ // 20-byte sha1 build ID added by GNU ld
+ {"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog", ""},
+ {"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c foo:bar", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c foo:bar", ""},
+ {"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
++ // 16-byte md5/uuid build ID added by GNU ld
++ {"3817b197e7abe71a952c1245e8bdf8d9 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "3817b197e7abe71a952c1245e8bdf8d9 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
++ // 83-byte Go build ID
++ {"4e444571495f482d30796b5f57307065544e47692f594c61795f384b7a5258362d6a6f4272736e38302f773374475869496e433176527749797a457a4b532f3967324d4f76556f3130323644572d56326e6248 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "4e444571495f482d30796b5f57307065544e47692f594c61795f384b7a5258362d6a6f4272736e38302f773374475869496e433176527749797a457a4b532f3967324d4f76556f3130323644572d56326e6248 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
++ // sanity
+ {"abcdef 0.0.0 abcd bpf-actlog", "abcdef 0.0.0 abcd bpf-actlog", ""},
+ {"abcdef 0.0.0 abcd -", "abcdef 0.0.0 abcd -", ""},
+
+ // invalid all the way down from here
+ // this is over/under the sane length limit for the fields
+- {"00000000000000000000000000000000000000001 2.4.1 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
++ {"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 2.4.1 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
+ {"0000000000000000000000000000000000000000 123456.0.0 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
+ {"0000000000000000000000000000000000000000 0.123456.0 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
+ {"0000000000000000000000000000000000000000 0.0.123456 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
+--
+2.24.0
+
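Review bot: The reflowed comment above `validVersionInfo` in sandbox/seccomp/compiler.go splits both the format line (`<build-id> <libseccomp-version> <hash>` on one line, `<features>` on the next) and the example across several comment lines. Neither now reads as the single space-separated line the regex accepts. I would keep `// version-info format: <build-id> <libseccomp-version> <hash> <features>` and the `// Ex: ...` sample each on one line, and put the build-id length rationale (32, 40 or 166 hex chars) in its own sentence. Because the commit message says the build ID is controlled at build time, the comment could also record that only the length bound changes, while the class stays `[0-9a-f]` and the pattern stays anchored with `^`/`$`. The `var (` block and the test table continue outside the inner hunks, so whether a non-hex or upper-case build ID is already covered as an invalid case cannot be confirmed from here.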