FS#58259 - [file] Add seccomp support

Attached to Project: Arch Linux
Opened by userwithuid (userwithuid) - Wednesday, 18 April 2018, 14:54 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 08 January 2020, 10:59 GMT
Task Type Feature Request
Category Packages: Testing
Status Closed
Assigned To Sébastien Luttringer (seblu)
Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

file 5.33 added seccomp support and it's enabled by default if configure finds the lib.

Consider adding "libseccomp" to depends.
Closed by  Levente Polyak (anthraxx)
Wednesday, 08 January 2020, 10:59 GMT
Reason for closing:  Implemented
Additional comments about closing:  5.38-1
Comment by userwithuid (userwithuid) - Thursday, 17 May 2018, 02:55 GMT
  • Field changed: Percent Complete (100% → 0%)
causes makepkg regression, see  bug 58626 
Comment by Eli Schwartz (eschwartz) - Thursday, 17 May 2018, 02:57 GMT
Disabled again with file 5.33-3 since it breaks the Linux PKGBUILD for example.

Comment by valoq (valoq) - Sunday, 10 June 2018, 13:15 GMT
Please consider using this patch instead:
https://github.com/file/file/pull/30/commits/480b7c771dc18cd62cbe8fddee82b88be3cc2e7f

This will disable seccomp when the decompression flag is used but keep it enabled in all other cases.

Comment by Eli Schwartz (eschwartz) - Sunday, 10 June 2018, 14:45 GMT
Arch Linux does not deviate from upstream by maintaining downstream patches.

We certainly do not deviate from upstream when 1) there's no compelling need to do so, 2) upstream has explained in depth why the patch is not just pointless, but actively bad, 3) upstream's reasoning is *correct*.

The file program currently uses zlib to decompress gz files, but calls external programs for other compression types instead of liblzma, libzstd, liblz4, libbz2, etc.
This is a TODO for the developers of file, and the proper fix is obviously to help them finish implementing it instead of adding new "features" to creepily disable seccomp while pretending it is in use. Besides which, as far as I can tell, your proposition results in gz files skipping seccomp too.
Comment by valoq (valoq) - Sunday, 17 June 2018, 14:49 GMT
For those wanting to see seccomp implemented in file, please help implement the missing compression libraries to make this possible.

This upstream issue is documented and tracked here: https://bugs.astron.com/view.php?id=3
Comment by Eli Schwartz (eschwartz) - Sunday, 17 June 2018, 22:22 GMT
Unfortunately it appears even to view bugs when not logged in, you need to... get an account and log in.
Comment by valoq (valoq) - Thursday, 02 August 2018, 13:52 GMT
The bug tracker has now become readable without requiring a login
https://bugs.astron.com/view.php?id=3

The following decompression algorithms still need native implementations

gzip
uncompress
bzip2
lzip
xz
lrzip
lz4
zstd


Any support is greatly appreciated
Comment by Eli Schwartz (eschwartz) - Wednesday, 24 July 2019, 15:22 GMT
https://github.com/file/file/commit/2a1bb655e4cf0a436a5d5313fcca95e55ba56a65

Great news! The latest version of file from git (future 5.38 release) supports -S as a no-op when built without libseccomp. Furthermore, it can be built with libbz2 and liblzma support in which case these filetypes will use internal decompression and be compatible with the sandbox.

Working on getting makepkg support for this, see linked bug.

Loading...