author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-03-08 03:57:59 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-03-08 13:28:38 +0100 |
commit | 084a46d7c56a3f5812bb63f3e1a860c8952e6e0d (patch) | |
tree | c7907f95408f7fa2b340194dc861eb956d2259f4 | |
parent | core: drop meaningless parse_syscall_and_errno() calls (diff) | |
core,seccomp: refuse to specify errno for allow-listed syscalls
-rw-r--r-- | src/core/dbus-execute.c | 3 | ||||
-rw-r--r-- | src/core/load-fragment.c | 11 | ||||
-rw-r--r-- | src/shared/seccomp-util.c | 3 |
3 files changed, 15 insertions, 2 deletions
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 399986db4a..4a1585f663 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -2252,6 +2252,9 @@ int bus_exec_context_set_transient_property(
 if (r < 0)
 return r;
 
+ if (allow_list && e >= 0)
+ return -EINVAL;
+
 r = seccomp_parse_syscall_filter(n,
 e,
 c->syscall_filter,
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 41ee7b6438..c6fc4fe083 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3209,13 +3209,20 @@ int config_parse_syscall_filter(
 if (r == -ENOMEM)
 return log_oom();
 if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+ log_syntax(unit, LOG_WARNING, filename, line, r,
+ "Invalid syntax, ignoring: %s", rvalue);
 return 0;
 }
 
 r = parse_syscall_and_errno(word, &name, &num);
 if (r < 0) {
- log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse syscall:errno, ignoring: %s", word);
+ log_syntax(unit, LOG_WARNING, filename, line, r,
+ "Failed to parse syscall:errno, ignoring: %s", word);
+ continue;
+ }
+ if (!invert && num >= 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Allow-listed system calls cannot take error number, ignoring: %s", word);
 continue;
 }
 
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 009992cfbf..3354f7bc08 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1135,6 +1135,9 @@ int seccomp_parse_syscall_filter(
 assert(name);
 assert(filter);
 
+ if (!FLAGS_SET(flags, SECCOMP_PARSE_INVERT) && errno_num >= 0)
+ return -EINVAL;
+
 if (name[0] == '@') {
 const SyscallFilterSet *set;
 const char *i;
|
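Review bot: In src/core/dbus-execute.c the added `return -EINVAL;` refuses the request without filling in the bus error, so a D-Bus client gets a bare invalid-argument failure and cannot tell which entry was rejected or why. Consider `return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Allow-listed system calls cannot take an error number: %s", n);`, assuming the function's sd_bus_error parameter is named `error` (the signature is outside the hunk). The code around the check is also not visible here; if it runs once per entry while earlier entries have already been added to `c->syscall_filter`, a rejection part-way through would leave the filter partially updated, which is worth confirming.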
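Review bot: In src/core/load-fragment.c the new `!invert && num >= 0` branch skips the whole entry instead of accepting the syscall name without its errno, and nothing in the code records that this stricter outcome is deliberate. A unit file carrying such an entry ends up with that syscall missing from the line after this change, so a short comment would help the next reader, for example `/* Skip the entry entirely instead of stripping the errno, so a malformed line never allows more than was written. */`. As a matter of wording, "cannot take error number" would read better as "cannot take an error number". config_parse_syscall_filter starts and ends outside the hunk.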
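Review bot: In src/shared/seccomp-util.c the new guard returns `-EINVAL` ahead of all other processing and carries no comment, although both callers touched by this commit already make the same test before calling. A one-line comment would record that this is the backstop for callers that do not pre-check, for example `/* An errno is only meaningful for entries that block a syscall; refuse it here so no caller can pass one that is silently discarded. */`. Callers not shown in this commit will now receive `-EINVAL` for a combination that was presumably accepted before, so it is worth checking how each of them reports that failure. The function body continues outside the hunk.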