Libseccomp: BUG: misleading name of test 18-sim-basic_whitelist

Created on 27 Apr 2016  ·  3 Comments  ·  Source: seccomp/libseccomp

Hi,

I was reading tests/18-sim-basic_whitelist.c.

If I understand it correctly, it does the following:

  • Disallow some read, write, close, and rt_sigreturn syscalls (only if they act on stdin, stdout, stderr).
  • Allow everything else (in particular, reading/writing to any other file descriptor is allowed)

This is not whitelisting, this is blacklisting.

Should the file be renamed? Should all KILLs and ACCEPTs be swapped to achieve whitelisting?

It would be nice to have a true whitelisting example, since this is the strongly recommended use of seccomp.

bug
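The distinction raised in the issue, as an added example that is not part of the thread or of libseccomp's test suite: it uses the kernel's raw seccomp-BPF interface rather than libseccomp so that it builds without the library, and shows that the filter's default action decides whether a policy is a blacklist or a whitelist. The function name, the probe syscall (getppid) and the omission of the fd comparisons are assumptions of this example.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed demo (no fd or seccomp_data.arch checks): a forked child loads a
 * filter giving read/write/close/rt_sigreturn `listed` and all else `dflt`, then
 * calls getppid(). Returns 1 if that was permitted, 0 if killed, -1 on error. */
int unlisted_syscall_permitted(unsigned int listed, unsigned int dflt)
{
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 6, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_close, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rt_sigreturn, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, listed),            /* a rule matched */
        BPF_STMT(BPF_RET | BPF_K, dflt),              /* no rule matched */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* exit_group: let child exit */
    };
    struct sock_fprog prog = { .len = sizeof(f) / sizeof(f[0]), .filter = f };
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(2);
        getppid();                                    /* named by no rule */
        _exit(0);
    }
    if (waitpid(pid, &st, 0) != pid) return -1;
    if (WIFSIGNALED(st) && WTERMSIG(st) == SIGSYS) return 0;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 1 : -1;
}

int main(void)
{
    printf("blacklist (default ALLOW): %d, whitelist (default KILL): %d\n",
           unlisted_syscall_permitted(SECCOMP_RET_KILL, SECCOMP_RET_ALLOW),
           unlisted_syscall_permitted(SECCOMP_RET_ALLOW, SECCOMP_RET_KILL));
    return 0;
}
```

In libseccomp terms, the first call corresponds to `seccomp_init(SCMP_ACT_ALLOW)` with KILL rules and the second to `seccomp_init(SCMP_ACT_KILL)` with ALLOW rules.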

All 3 comments

Yes, it should probably be renamed, but to be honest, the name of these isn't very important; the content of the test is what matters.

Enhancement suggestion: It would be nice to _additionally_ have a whitelisting test. Test cases tend to be used by developers as reference or code example. :+1:

I just found a library (not written by me) which had basically the same bug. It meant to do whitelisting with seccomp but actually did blacklisting. I cannot tell whether this was an independent bug or maybe subconsciously induced by this test case.

By the way: do you want me to delete this comment and open a separate issue for this?

Merged in 5e0a33f8f5c086204451041c43010e4ab51b5c6e, thanks @lucab!
