github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-18 16:51:30 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/engine): bump falco engine version

Browse Source 
Co-authored-by: Kaizhe Huang <derek0405@gmail.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2021-06-17 12:10:37 +00:00 committed by poiana
parent 7db4778f55
commit 9ff8099501
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rules/falco_rules.yaml
View File

@ -3065,7 +3065,8 @@
- rule: Unprivileged Delegation of Page Faults Handling to a Userspace Process - rule: Unprivileged Delegation of Page Faults Handling to a Userspace Process
desc: Detect a successful unprivileged userfaultfd syscall which might act as an attack primitive to exploit other bugs desc: Detect a successful unprivileged userfaultfd syscall which might act as an attack primitive to exploit other bugs
condition: > condition: >
consider_userfaultfd_activities and evt.type = userfaultfd and consider_userfaultfd_activities and
evt.type = userfaultfd and
user.uid != 0 and user.uid != 0 and
(evt.rawres >= 0 or evt.res != -1) and (evt.rawres >= 0 or evt.res != -1) and
not proc.name in (user_known_userfaultfd_activities) not proc.name in (user_known_userfaultfd_activities)

2
userspace/engine/falco_engine_version.h
View File

@ -16,7 +16,7 @@ limitations under the License.
// The version of rules/filter fields/etc supported by this falco // The version of rules/filter fields/etc supported by this falco
// engine. // engine.
#define FALCO_ENGINE_VERSION (8) #define FALCO_ENGINE_VERSION (9)
// This is the result of running "falco --list -N | sha256sum" and // This is the result of running "falco --list -N | sha256sum" and
// represents the fields supported by this version of falco. It's used // represents the fields supported by this version of falco. It's used