Disallow clone3, unsafe clone and unshare flags

Ability to create new namespaces and getting capabilities in there exposes a big kernel attack surface. PiperOrigin-RevId: 564703131 Change-Id: I3dcf4c78dca9f51a4b068df16e1b1a69916d727c
2024-03-22 13:11:30 +08:00 · 2023-09-12 06:29:54 -07:00 · 2023-09-12 06:29:54 -07:00 · 4289b64aa7
commit 4289b64aa7
parent 77f62ccb1f
1 changed files with 26 additions and 4 deletions
--- a/sandboxed_api/sandbox2/policy.cc
+++ b/sandboxed_api/sandbox2/policy.cc
@ -25,6 +25,7 @@
 #include <syscall.h>

 #include <cstdint>
+#include <limits>
 #include <optional>
 #include <string>
 #include <vector>
@ -170,16 +171,37 @@ std::vector<sock_filter> Policy::GetDefaultPolicy(bool user_notif) const {
  if (!user_policy_handles_bpf_) {
    policy.insert(policy.end(), {JEQ32(__NR_bpf, DENY)});
  }
+#ifndef CLONE_NEWCGROUP
+#define CLONE_NEWCGROUP 0x02000000
+#endif
+  constexpr uintptr_t kNewNamespacesFlags =
+      CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWUTS |
+      CLONE_NEWCGROUP | CLONE_NEWIPC | CLONE_NEWPID;
+  static_assert(kNewNamespacesFlags <= std::numeric_limits<uint32_t>::max());
+  constexpr uintptr_t kUnsafeCloneFlags = kNewNamespacesFlags | CLONE_UNTRACED;
+  static_assert(kUnsafeCloneFlags <= std::numeric_limits<uint32_t>::max());
  policy.insert(policy.end(),
                {
-                    // Disallow clone with CLONE_UNTRACED flag.  This uses
+#ifdef __NR_clone3
+                    // Disallow clone3
+                    JEQ32(__NR_clone3, DENY),
+#endif
+                    // Disallow clone3 and clone with unsafe flags.  This uses
                    // LOAD_SYSCALL_NR from above.
-                    JNE32(__NR_clone, JUMP(&l, past_clone_untraced_l)),
+                    JNE32(__NR_clone, JUMP(&l, past_clone_unsafe_l)),
                    // Regardless of arch, we only care about the lower 32-bits
                    // of the flags.
                    ARG_32(0),
-                    JA32(CLONE_UNTRACED, DENY),
-                    LABEL(&l, past_clone_untraced_l),
+                    JA32(kUnsafeCloneFlags, DENY),
+                    LABEL(&l, past_clone_unsafe_l),
+                    // Disallow unshare with unsafe flags.
+                    LOAD_SYSCALL_NR,
+                    JNE32(__NR_unshare, JUMP(&l, past_unshare_unsafe_l)),
+                    // Regardless of arch, we only care about the lower 32-bits
+                    // of the flags.
+                    ARG_32(0),
+                    JA32(kNewNamespacesFlags, DENY),
+                    LABEL(&l, past_unshare_unsafe_l),
                    // Disallow seccomp with SECCOMP_FILTER_FLAG_NEW_LISTENER
                    // flag.
                    LOAD_SYSCALL_NR,