fixes

ngc92 · ngc92 · commit 283c9b68aada · 2026-03-05T00:48:43.000+01:00
diff --git a/csrc/landlock.cpp b/csrc/landlock.cpp
@@ -1,5 +1,5 @@
 // Copyright (c) 2026 Erik Schultheis
-// All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
 //
 
 #include <cstdint>
@@ -87,6 +87,9 @@ void install_landlock() {
                      #ifdef LANDLOCK_ACCESS_FS_TRUNCATE
                      LANDLOCK_ACCESS_FS_TRUNCATE     |
                      #endif
+                     #ifdef LANDLOCK_ACCESS_FS_REFER
+                     LANDLOCK_ACCESS_FS_REFER        |
+                     #endif
                      0;
 
     struct landlock_ruleset_attr ruleset_attr = {
@@ -103,7 +106,10 @@ void install_landlock() {
     allow_path(ruleset_fd, "/dev", RW); // needed for /dev/null etc, used e.g., by triton
 
     // Prevent ptrace and /proc/self/mem tampering
-    prctl(PR_SET_DUMPABLE, 0);
+    if (prctl(PR_SET_DUMPABLE, 0) < 0) {
+        throw std::system_error(errno, std::system_category(), "prctl(PR_SET_DUMPABLE)");
+    }
+
     // Prevent gaining privileges (if attacker tries setuid exploits)
     if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
         throw std::system_error(errno, std::system_category(), "prctl(PR_SET_NO_NEW_PRIVS)");
diff --git a/csrc/manager.cpp b/csrc/manager.cpp
@@ -16,8 +16,6 @@
 #include <nvtx3/nvToolsExt.h>
 #include <nanobind/stl/string.h>
 
-#include <sys/prctl.h>
-
 static constexpr std::size_t ArenaSize = 2 * 1024 * 1024;
 
 extern void clear_cache(void* dummy_memory, int size, bool discard, cudaStream_t stream);
diff --git a/exploits/submission_replace_torch.py b/exploits/submission_replace_torch.py
@@ -1,12 +1,14 @@
 """
-CONTROL: Wrong kernel (fills output with zeros). Should FAIL correctness checks.
+Exploit submission: attempts to overwrite `torch.py` in the current working directory
+so that a proper Landlock sandbox will block the write and cause an import-time error.
+The grayscale kernel itself is correct.
 """
 import torch
 
 _weights = torch.tensor([0.2989, 0.5870, 0.1140], device="cuda", dtype=torch.float32)
 
 with open("torch.py", "w") as f:
-    f.write("# POWNED\n")
+    f.write("# PWNED\n")
 
 def kernel(output, inp):
     torch.sum(inp * _weights, dim=-1, out=output)
diff --git a/python/pygpubench/__init__.py b/python/pygpubench/__init__.py
@@ -189,6 +189,7 @@ def do_bench_isolated(
             discard,
             nvtx,
             child_tb_conn,
+            landlock,
         ),
     )
 

Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,7 @@ def do_bench_isolated(`
`189`	`189`	`discard,`
`190`	`190`	`nvtx,`
`191`	`191`	`child_tb_conn,`
	`192`	`+ landlock,`
`192`	`193`	`),`
`193`	`194`	`)`
`194`	`195`