commit 87b075dd16c675606adee792ef1e22691c51475b Author: David Goulet <dgoulet@ev0ke.net> Date: Thu Dec 22 10:43:41 2016 -0500 syscall: Add seccomp, gettimeofday, clock_gettime, fork Whitelist those four syscalls for the syscall() function. Patch from "cypherpunks". Closes #21022 Signed-off-by: David Goulet <dgoulet@ev0ke.net> --- src/common/compat.h | 16 ++++++++++++++ src/lib/syscall.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/src/common/compat.h b/src/common/compat.h index aa1da28..f490113 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -114,6 +114,18 @@ void tsocks_once(tsocks_once_t *o, void (*init_routine)(void)); #ifndef __NR_sched_getaffinity #define __NR_sched_getaffinity -14 #endif +#ifndef __NR_seccomp +#define __NR_seccomp -15 +#endif +#ifndef __NR_gettimeofday +#define __NR_gettimeofday -16 +#endif +#ifndef __NR_clock_gettime +#define __NR_clock_gettime -17 +#endif +#ifndef __NR_fork +#define __NR_fork -18 +#endif #define TSOCKS_NR_SOCKET __NR_socket #define TSOCKS_NR_CONNECT __NR_connect @@ -129,6 +141,10 @@ void tsocks_once(tsocks_once_t *o, void (*init_routine)(void)); #define TSOCKS_NR_FUTEX __NR_futex #define TSOCKS_NR_ACCEPT4 __NR_accept4 #define TSOCKS_NR_SCHED_GETAFFINITY __NR_sched_getaffinity +#define TSOCKS_NR_SECCOMP __NR_seccomp +#define TSOCKS_NR_GETTIMEOFDAY __NR_gettimeofday +#define TSOCKS_NR_CLOCK_GETTIME __NR_clock_gettime +#define TSOCKS_NR_FORK __NR_fork /* * Despite glibc providing wrappers for these calls for a long time diff --git a/src/lib/syscall.c b/src/lib/syscall.c index 789c380..d0fdaaa 100644 --- a/src/lib/syscall.c +++ b/src/lib/syscall.c @@ -372,6 +372,57 @@ static LIBC_SYSCALL_RET_TYPE handle_inotify_rm_watch(va_list args) return inotify_rm_watch(fd, wd); } + +/* + * Handle seccomp(2) syscall. + */ +static LIBC_SYSCALL_RET_TYPE handle_seccomp(va_list args) +{ + unsigned int operation, flags; + void *sargs; + + operation = va_arg(args, __typeof__(operation)); + flags = va_arg(args, __typeof__(flags)); + sargs = va_arg(args, __typeof__(sargs)); + + return tsocks_libc_syscall(TSOCKS_NR_SECCOMP, operation, flags, sargs); +} + +/* + * Handle gettimeofday(2) syscall. + */ +static LIBC_SYSCALL_RET_TYPE handle_gettimeofday(va_list args) +{ + struct timeval *tv; + struct timezone *tz; + + tv = va_arg(args, __typeof__(tv)); + tz = va_arg(args, __typeof__(tz)); + + return tsocks_libc_syscall(TSOCKS_NR_GETTIMEOFDAY, tv, tz); +} + +/* + * Handle clock_gettime(2) syscall. + */ +static LIBC_SYSCALL_RET_TYPE handle_clock_gettime(va_list args) +{ + clockid_t clk_id; + struct timespec *tp; + + clk_id = va_arg(args, __typeof__(clk_id)); + tp = va_arg(args, __typeof__(tp)); + + return tsocks_libc_syscall(TSOCKS_NR_CLOCK_GETTIME, clk_id, tp); +} + +/* + * Handle fork(2) syscall. + */ +static LIBC_SYSCALL_RET_TYPE handle_fork(void) +{ + return tsocks_libc_syscall(TSOCKS_NR_FORK); +} #endif /* __linux__ */ /* @@ -478,6 +529,18 @@ LIBC_SYSCALL_RET_TYPE tsocks_syscall(long int number, va_list args) case TSOCKS_NR_SCHED_GETAFFINITY: ret = handle_sched_getaffinity(args); break; + case TSOCKS_NR_SECCOMP: + ret = handle_seccomp(args); + break; + case TSOCKS_NR_GETTIMEOFDAY: + ret = handle_gettimeofday(args); + break; + case TSOCKS_NR_CLOCK_GETTIME: + ret = handle_clock_gettime(args); + break; + case TSOCKS_NR_FORK: + ret = handle_fork(); + break; #endif /* __linux__ */ default: /*