From 6ff74ebc0e2859547a5c72e4cd5dc63cd8577142 Mon Sep 17 00:00:00 2001
Message-Id: <6ff74ebc0e2859547a5c72e4cd5dc63cd8577142.1572947174.git.maciej.zenon.borzecki@canonical.com>
From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Date: Mon, 4 Nov 2019 14:19:41 +0100
Subject: [PATCH] sandbox/seccomp: accept build ID generated by Go toolchain

From user reports, it is possible that snap-seccomp binaries found in the wild
will contain a build ID generated by the Go toolchain. The build ID in this case
is a hash of the Go package, import path and binary, then truncated to 83 bytes
and written to the .note.go.buildid ELF section.

See https://aur.archlinux.org/packages/snapd/#comment-714427 and
https://forum.snapcraft.io/t/future-release-to-include-alpine-linux-as-snapd-host/13144/7
for examples.

Update the code to allow the upper limit of 166 characters, which is the
hexstring representation of Go build ID. Since build ID is effectively user
controlled during the build time, this also bumps the upper sanity limit on the
length of this field.

Fixes: https://bugs.launchpad.net/snapd/+bug/1850914

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
---
 sandbox/seccomp/compiler.go      | 21 +++++++++++++--------
 sandbox/seccomp/compiler_test.go | 10 ++++++++--
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/sandbox/seccomp/compiler.go b/sandbox/seccomp/compiler.go
index d46cebbc45637afbb312af2e9f4c32bf4ffc93ba..2eaf64d59cbe98a08fadb3ee3785dc833efbac9c 100644
--- a/sandbox/seccomp/compiler.go
+++ b/sandbox/seccomp/compiler.go
@@ -31,14 +31,19 @@ import (
 )
 
 var (
-	// version-info format: <build-id> <libseccomp-version> <hash> <features>
-	// Where, the hash is calculated over all syscall names supported by the
-	// libseccomp library. The build-id is a 160-bit SHA-1 (40 char) string
-	// and the hash is a 256-bit SHA-256 (64 char) string. Allow libseccomp
-	// version to be 1-5 chars per field (eg, 1.2.3 or 12345.23456.34567)
-	// and 1-30 chars of colon-separated features.
-	// Ex: 7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog
-	validVersionInfo = regexp.MustCompile(`^[0-9a-f]{1,40} [0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5} [0-9a-f]{1,64} [-a-z0-9:]{1,30}$`)
+	// version-info format: <build-id> <libseccomp-version> <hash>
+	// <features> Where, the hash is calculated over all syscall names
+	// supported by the libseccomp library. The build-id is a string of up
+	// to 166 chars, accommodates 128-bit MD5 (32 chars), 160-bit SHA-1 (40
+	// chars) generated by GNU ld, and 83-byte (166 chars) build ID
+	// generated by Go toolchain, also provides an upper limit of the
+	// user-settable build ID. The hash is a 256-bit SHA-256 (64 char)
+	// string. Allow libseccomp version to be 1-5 chars per field (eg, 1.2.3
+	// or 12345.23456.34567) and 1-30 chars of colon-separated features. Ex:
+	// 7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3
+	// 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c
+	// bpf-actlog
+	validVersionInfo = regexp.MustCompile(`^[0-9a-f]{1,166} [0-9]{1,5}\.[0-9]{1,5}\.[0-9]{1,5} [0-9a-f]{1,64} [-a-z0-9:]{1,30}$`)
 )
 
 type Compiler struct {
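Review bot: The reflowed comment above `validVersionInfo` now breaks the format line in the middle (`<build-id> <libseccomp-version> <hash>` on one line, `<features> Where, ...` on the next) and spreads the example over three comment lines, so a reader can no longer see at a glance that version-info is a single space-separated line. Keeping `// version-info format: <build-id> <libseccomp-version> <hash> <features>` and the `// Ex: ...` sample on one line each, as before the change, would preserve that. The comment could also say that the build-id field is only bounds-checked as 1-166 lowercase hex characters (odd lengths included) and is not verified to be one of the three listed formats, so the pattern is a sanity limit rather than a format check. The `Compiler` type that follows the var block continues outside the hunk.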
diff --git a/sandbox/seccomp/compiler_test.go b/sandbox/seccomp/compiler_test.go
index e8c5e7a318227d6686985d0067348e8a5d5c6022..2eaf2bfce439e12f1f68fdb2287c97407032324f 100644
--- a/sandbox/seccomp/compiler_test.go
+++ b/sandbox/seccomp/compiler_test.go
@@ -49,16 +49,22 @@ func (s *compilerSuite) TestVersionInfoValidate(c *C) {
 		exp string
 		err string
 	}{
-		// valid
+		// all valid
+		// 20-byte sha1 build ID added by GNU ld
 		{"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c bpf-actlog", ""},
 		{"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c foo:bar", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c foo:bar", ""},
 		{"7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "7ac348ac9c934269214b00d1692dfa50d5d4a157 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
+		// 16-byte md5/uuid build ID added by GNU ld
+		{"3817b197e7abe71a952c1245e8bdf8d9 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "3817b197e7abe71a952c1245e8bdf8d9 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
+		// 83-byte Go build ID
+		{"4e444571495f482d30796b5f57307065544e47692f594c61795f384b7a5258362d6a6f4272736e38302f773374475869496e433176527749797a457a4b532f3967324d4f76556f3130323644572d56326e6248 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", "4e444571495f482d30796b5f57307065544e47692f594c61795f384b7a5258362d6a6f4272736e38302f773374475869496e433176527749797a457a4b532f3967324d4f76556f3130323644572d56326e6248 2.3.3 03e996919907bc7163bc83b95bca0ecab31300f20dfa365ea14047c698340e7c -", ""},
+		// sanity
 		{"abcdef 0.0.0 abcd bpf-actlog", "abcdef 0.0.0 abcd bpf-actlog", ""},
 		{"abcdef 0.0.0 abcd -", "abcdef 0.0.0 abcd -", ""},
 
 		// invalid all the way down from here
 		// this is over/under the sane length limit for the fields
-		{"00000000000000000000000000000000000000001 2.4.1 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
+		{"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 2.4.1 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
 		{"0000000000000000000000000000000000000000 123456.0.0 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
 		{"0000000000000000000000000000000000000000 0.123456.0 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
 		{"0000000000000000000000000000000000000000 0.0.123456 0000000000000000000000000000000000000000000000000000000000000000 -", "", "invalid format of version-info: .*"},
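Review bot: The over-limit build ID on the changed entry under `// this is over/under the sane length limit for the fields` is a hand-typed run of zeros whose length cannot be checked by eye; it is presumably 167 characters, one past the new limit, but nothing in the test states that. Building the input as `strings.Repeat("0", 166) + "1 2.4.1 " + strings.Repeat("0", 64) + " -"` (assuming `strings` is or can be imported in this test file), or at least adding `// 167 chars, one over the build ID limit` above the entry, would make the boundary explicit and keep the case meaningful if the limit changes again. The test table and TestVersionInfoValidate continue outside the hunk.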
-- 
2.24.0