Libseccomp 2.4.0 Released
14 Mar 2019 tags: seccompIt’s been over a year since the last libseccomp release (libseccomp v2.3.3 was released on January 10, 2018) but I’m happy to announce that today we’ve released libseccomp v2.4.0!
The libseccomp v2.4.0 release is a drop-in replacement for previous v2.x releases; no recompilation of applications is required. Although applications will need to be restarted to take advantage of the new libseccomp release.
The new release is a significant upgrade over libseccomp v2.3.3. In addition to a number of new features, there was a big push to improve the quality of the code in this release; a lot of time was spent adding new tests and fixing bugs. In fact there is one bug in particular that is worth giving specific mention: prior to the v2.4.0 release, libseccomp’s 64-bit syscall argument comparison code was incorrect and generated seccomp-bpf filters that would not always correctly match on syscall arguments. The impact of this bug should be relatively limited, but the researcher who identified this bug, Jann Horn, was able to identify libseccomp filters in systemd and Tor that were incorrectly generated due to this bug. Jann did not find any other vulnerable applications, but it is possible other applications are affected.
I would like to thank researches like Jann Horn who help identify problems in security critical applications and libraries like libseccomp, as well as the 46 people who have contributed their time, effort, code, and artwork to libseccomp (the complete list can be found in the CREDITS file) - thank you!
Changes in the v2.4.0 release include:
- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(…)) and 64-bit (SCMP_AX_64(…)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates