Debian Bug report logs - #599574
linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process


Package: linux-2.6; Maintainer for linux-2.6 is Debian Kernel Team <debian-kernel@lists.debian.org>;

Reported by: Andrew Varner <andrew.varner@marquette.edu>

Date: Sat, 9 Oct 2010 06:12:02 UTC

Severity: normal

Found in version 2.6.32-23

Done: Ben Hutchings <ben@decadent.org.uk>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>:
Bug#599574; Package linux-2.6. (Sat, 09 Oct 2010 06:12:05 GMT)

Acknowledgement sent to Andrew Varner <andrew.varner@marquette.edu>:
New Bug report received and forwarded. Copy sent to Debian Kernel Team <debian-kernel@lists.debian.org>. (Sat, 09 Oct 2010 06:12:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Andrew Varner <andrew.varner@marquette.edu>
To: <submit@bugs.debian.org>
Subject: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
Date: Sat, 9 Oct 2010 01:04:09 -0500
Subject: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
Package: linux-2.6
Version: 2.6.32-23
Severity: normal

*** Please type your report below this line ***

Processes with seccomp are killed at _exit. They should be permitted to
call _exit, read, and write (read and write do work).

To reproduce:

cat > main.c << EOF
#include <unistd.h>
#include <sys/prctl.h>
int main() { prctl(PR_SET_SECCOMP, 1, 0, 0, 0); _exit(0); }
EOF
gcc -Wall -Wextra main.c -o seccomptest
./seccomptest 
Killed


If the loaded modules, PCI devices, and USB devices sections would help,
please say so, and I will include them. They seem irrelevant to this
bug.


-- Package-specific info:
** Version:
Linux version 2.6.32-5-amd64 (Debian 2.6.32-23) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-3) ) #1 SMP Fri Sep 17 21:50:19 UTC 2010

** Command line:
BOOT_IMAGE=/vmlinuz-2.6.32-5-amd64 root=/dev/mapper/hda4_crypt ro vga=794

** Not tainted

** Model information
sys_vendor: System manufacturer
product_name: System Product Name
product_version: System Version
chassis_vendor: Chassis Manufacture
chassis_version: Chassis Version
bios_vendor: American Megatrends Inc.
bios_version: 2106   
board_vendor: ASUSTeK Computer INC.
board_name: M4A88T-M
board_version: Rev X.0x


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6.32-5-amd64 depends on:
ii  debconf [debconf-2.0]         1.5.35     Debian configuration management sy
ii  initramfs-tools [linux-initra 0.98.4     tools for generating an initramfs
ii  linux-base                    2.6.32-23  Linux image base package
ii  module-init-tools             3.12-1     tools for managing Linux kernel mo

Versions of packages linux-image-2.6.32-5-amd64 recommends:
ii  firmware-linux-free           2.6.32-23  Binary firmware for various driver

Versions of packages linux-image-2.6.32-5-amd64 suggests:
pn  grub | lilo                   <none>     (no description available)
ii  linux-doc-2.6.32              2.6.32-23  Linux kernel specific documentatio

Versions of packages linux-image-2.6.32-5-amd64 is related to:
pn  firmware-bnx2                 <none>     (no description available)
pn  firmware-bnx2x                <none>     (no description available)
pn  firmware-ipw2x00              <none>     (no description available)
pn  firmware-ivtv                 <none>     (no description available)
pn  firmware-iwlwifi              <none>     (no description available)
ii  firmware-linux                0.26       Binary firmware for various driver
ii  firmware-linux-nonfree        0.26       Binary firmware for various driver
pn  firmware-qlogic               <none>     (no description available)
pn  firmware-ralink               <none>     (no description available)
pn  xen-hypervisor                <none>     (no description available)

-- debconf information excluded





Reply sent to Ben Hutchings <ben@decadent.org.uk>:
You have taken responsibility. (Sat, 09 Oct 2010 13:39:06 GMT)

Notification sent to Andrew Varner <andrew.varner@marquette.edu>:
Bug acknowledged by developer. (Sat, 09 Oct 2010 13:39:06 GMT)

Message #10 received at 599574-done@bugs.debian.org:

From: Ben Hutchings <ben@decadent.org.uk>
To: 599574-done@bugs.debian.org
Subject: Re: Bug#599574: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
Date: Sat, 09 Oct 2010 14:36:30 +0100
On Sat, 2010-10-09 at 01:04 -0500, Andrew Varner wrote:
> Subject: linux-image-2.6.32-5-amd64: with seccomp, _exit(0) kills process
> Package: linux-2.6
> Version: 2.6.32-23
> Severity: normal
> 
> *** Please type your report below this line ***
> 
> Processes with seccomp are killed at _exit. They should be permitted to
> call _exit, read, and write (read and write do work).
> 
> To reproduce:
> 
> cat > main.c << EOF
> #include <unistd.h>
> #include <sys/prctl.h>
> int main() { prctl(PR_SET_SECCOMP, 1, 0, 0, 0); _exit(0); }
> EOF
> gcc -Wall -Wextra main.c -o seccomptest
> ./seccomptest 
> Killed

Quoting from _exit(2):

       In glibc up to version 2.3, the _exit() wrapper  function  invoked  the
       kernel  system  call  of  the  same name.  Since glibc 2.3, the wrapper
       function invokes exit_group(2),  in  order  to  terminate  all  of  the
       threads in a process.

The following program exits without being killed:

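#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <asm/unistd.h>

int main()
{
    prctl(PR_SET_SECCOMP, 1, 0, 0, 0);  /* 1 = strict seccomp mode */
    syscall(__NR_exit, 0);              /* raw exit(2) with status 0, not glibc's exit_group(2) wrapper */
}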

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
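
Added example (not part of the original bug log or either message): a side-by-side check of the two exit paths discussed in this thread. It forks one child per exit syscall, enters strict seccomp in the child, and reports from the parent whether the child was killed or exited cleanly. The function and enum names are illustrative, and the "unavailable" outcome covers environments that refuse strict mode.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1   /* the literal 1 passed to prctl() in the report */
#endif

enum outcome { CLEAN_EXIT = 0, KILLED = 1, UNAVAILABLE = -1 };

/* Fork a child, put it in strict seccomp mode, and leave it through the
 * given exit syscall (SYS_exit or SYS_exit_group). Report how it ended. */
static enum outcome exit_under_strict_seccomp(long exit_syscall)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return UNAVAILABLE;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);               /* not confined yet: strict mode was refused */
        syscall(exit_syscall, 0);   /* raw syscall, bypassing the glibc wrapper */
        for (;;) { }                /* not reached */
    }
    if (waitpid(pid, &status, 0) != pid)
        return UNAVAILABLE;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED;              /* kernel killed the child for a disallowed syscall */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return CLEAN_EXIT;
    return UNAVAILABLE;
}

static const char *outcome_name(enum outcome o)
{
    return o == KILLED ? "killed by SIGKILL"
         : o == CLEAN_EXIT ? "exited 0" : "strict seccomp unavailable";
}

int main(void)
{
    printf("exit_group(2): %s\n", outcome_name(exit_under_strict_seccomp(SYS_exit_group)));
    printf("exit(2):       %s\n", outcome_name(exit_under_strict_seccomp(SYS_exit)));
    return 0;
}
```

Running the check in a forked child keeps the parent unconfined, so the result can be read from the wait status instead of from the shell's "Killed" message.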

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 07 Nov 2010 07:36:02 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 14:57:53 2014; Machine Name: beach.debian.org
