Comment 5 for bug 1812973

Jamie Strandboge (jdstrand) wrote :

To expand on Zygmunt's comment:

The default seccomp filter in is configured to block ioctl(..., TIOCSTI, ...) but in snapd < 2.37.4 this could be circumvented on 64 bit architectures by setting any high bits in the 2nd argument to ioctl. This was caused in part because the Linux kernel ignores the high bits when processing the ioctl but considers them when evaluating the seccomp filter. This is arguably a kernel bug in that the kernel is not performing the seccomp filter check on the value that it is ultimately going to process.

This was further complicated by the fact that the tty_ioctl man page (which is the one that documents TIOCSTI) lists the ioctl second argument as an int while the ioctl man page lists it as unsigned long.