sandboxing: known issues in seccomp filters

Known issues identified by security auditors for the **Sandboxing / Seccomp** subsystem.
Listed for the Immunefi bug bounty contest to prevent duplicate reports.

> **Note:** Detailed reproduction steps and exploit specifics are intentionally omitted.

### 1. 32-bit argument check bypass on x86_64

- **Impact**: Sandbox Escape
- **Code**: [`contrib/codegen/generate_filters.py`](https://github.com/firedancer-io/firedancer/blob/7749015ae1651dd71c60dceee9223ef23f46a6ba/contrib/codegen/generate_filters.py)
- **Summary**: Seccomp BPF filter code generator only checks the lower 32 bits of syscall arguments on x86_64, allowing filter bypass.
- **Ref**: [auditor-internal#464](https://github.com/firedancer-io/auditor-internal/issues/464)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sandboxing: known issues in seccomp filters #9172

1. 32-bit argument check bypass on x86_64

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

sandboxing: known issues in seccomp filters #9172

Description

1. 32-bit argument check bypass on x86_64

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions