On Mon, 29 Jan 2018 14:14:46 +0100 Pavel Machek <pavel@xxxxxx> wrote: > On Wed 2018-01-24 20:46:22, Alan Cox wrote: > > > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > > > leaking info between them should not be a big deal. You can probably > > > find existing macros doing neccessary checks. > > > > Until one of them is security managed so it shouldn't be able to ptrace > > the other, or (and this is the nasty one) when a process is executing > > code it wants to protect from the rest of the same process (eg an > > untrusted jvm, javascript or probably nastiest of all webassembly) > > > > We don't need a prctl for trusted/untrusted IMHO but we do eventually > > need to think about API's for "this lot is me but I don't trust > > it" (flatpack, docker, etc) and for what JIT engines need to do. > > Agreed. > > And yes, JITs are interesting, and given the latest > rowhammer/sidechannel attacks, something we may want to limit in > future... > > It sounds nice on paper but is just risky. I don't think java, javascript, webassembly, (and for some implementations truetype, pdf, postscript, ... and more) are going away in a hurry. Alan
