I discovered that https://bugs.launchpad.net/snapd/+bug/1825052 is a serious bug in our seccomp sandbox for any snapd distro packaging that uses a golang-seccomp without https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e since without the patch, golang-seccomp (and therefore snap-seccomp) will generate invalid and lenient bpf for seccomp filters with rules where 2+ arguments are being filtered. This affects the following seccomp policy:
- setpriority in the default template
- chown family of rules in the default template
- socket rules in various interfaces
- the upcoming daemon user PR
snapd’s own vendored golang-seccomp includes this patch and is not affected, so any distro packaging uses snapd’s vendored golang-seccomp is not affected. The latest upstream release of golang-seccomp is 0.9.0 and it is affected. Distros known to not use our vendored golang-seccomp and therefore affected are Debian (before it refreshes core and reexecs) and Fedora.
@pedronis, @mvo, @zyga-snapd - I consider this serious enough that as an immediate first step we should disable seccomp on the distros that choose not to use the vendored golang-seccomp. Beyond that, there are other options such as compile time checks to verify the pfc, a spread test that will fail for systems with seccomp enabled but arg filtering not working correctly, additions to system-key, runtime checks for forced devmode based on system-key, etc.
Note: while this is a serious bug I do not consider it a security bug (though it was very nearly so). I say ‘very nearly’ because this bug does not affect systems using snapd’s vendored and unaffected golang-seccomp (eg, Ubuntu, Ubuntu Core, any Ubuntu derivatives, etc) or any system configured with reexec since an unaffected snap-seccomp is used. In practice this means that only systems with partial confinement are affected. Because the seccomp sandbox alone does not offer meaningful protection without AppArmor, there are many more escapes from the ‘sandbox’ (again, partial confinement is not considered a true sandbox) than the list I gave above.