FS#65250 - [file] "Bad system call" when examining .tar.zst file with -z
Attached to Project:
Arch Linux
Opened by Luca Weiss (z3ntu) - Thursday, 23 January 2020, 21:56 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 22:02 GMT
Opened by Luca Weiss (z3ntu) - Thursday, 23 January 2020, 21:56 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 23 January 2020, 22:02 GMT
|
Details
Description:
Running the command "file -z /var/cache/pacman/pkg/*.pkg.tar.zst" results in "Bad system call" being printed. -z, --uncompress Try to look inside compressed files. Looking at the dmesg there are messages from audit that tell that the syscall with id 22 is blocked - which is 'pipe'. Allowing that syscall in src/seccomp.c makes another syscall appear in the dmesg, shmctl, then vfork. I'm now at execve and wait4 but have given up as it seems to be a bigger problem than just one syscall. Additional info: * file 5.38-1 Steps to reproduce: Run "file -z" on any .zst file (tested only with pacman .pkg.tar.zst for now) |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Thursday, 23 January 2020, 22:02 GMT
Reason for closing: Not a bug
Additional comments about closing: Working as intended.
Thursday, 23 January 2020, 22:02 GMT
Reason for closing: Not a bug
Additional comments about closing: Working as intended.
Given the problem is seccomp, a security sandbox, I think it's plenty obvious why execve is blocked. Security is more important than usability, so if you actually need -z, you should generally also use -S...