On 2018-10-04 12:45:08 [-0400], Rik van Riel wrote:
> Wait, so any thread can bypass its memory protection
> keys, even if there is a seccomp filter preventing
> it from calling the PKRU syscalls?

We have SYS_pkey_alloc +free and SYS_pkey_mprotect. For read/write of the
register value, libc is using and opcodes.

> Is that intended?

Either that or it ended like that because someone failed to attend a
meeting where this was discussed.
Here is something from pkeys(7):

| Protection keys have the potential to add a layer of security and
| reliability to applications. But they have not been primarily designed as a
| security feature. For instance, WRPKRU is a completely unprivileged
| instruction, so pkeys are useless in any case that an attacker controls the
| PKRU register or can execute arbitrary instructions.

Sebastian
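The distinction the reply draws (key allocation and page tagging go through syscalls that seccomp can see, while the per-thread access rights live in a register that libc reads and writes with unprivileged instructions) is easy to check on a PKU-capable x86-64 box. The program below is an added example for this thread, not code from Sebastian, Rik or the kernel tree: it allocates a key with SYS_pkey_alloc, tags an anonymous page with SYS_pkey_mprotect, then toggles write access using glibc's pkey_set()/pkey_get() wrappers, which are plain RDPKRU/WRPKRU instructions and never enter the kernel. The enum name, the two PKRU helpers and the demo function are constructed for the example; on a CPU or kernel without protection keys, pkey_alloc fails and the demo reports "unsupported" rather than executing the register instructions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for toolchains whose headers predate the pkey API (glibc < 2.27). */
#ifndef PKEY_DISABLE_ACCESS
#define PKEY_DISABLE_ACCESS 0x1
#endif
#ifndef PKEY_DISABLE_WRITE
#define PKEY_DISABLE_WRITE 0x2
#endif

/* Constructed result codes for this example. */
enum pkey_demo_result {
    PKEY_DEMO_UNSUPPORTED = 0, /* no pkey support on this CPU/kernel; nothing exercised */
    PKEY_DEMO_OK = 1,          /* access rights toggled from user space as pkeys(7) describes */
    PKEY_DEMO_MISMATCH = -1    /* something did not behave as expected */
};

/* PKRU holds two bits per key: bit 2*key = access-disable, bit 2*key+1 = write-disable.
   These helpers show exactly what pkey_set()/pkey_get() mask in and out of the register. */
unsigned int pkru_rights_mask(int key, unsigned int rights) {
    return (rights & 3u) << (2 * key);
}
unsigned int pkru_rights_of(unsigned int pkru, int key) {
    return (pkru >> (2 * key)) & 3u;
}

/* glibc exposes pkey_set()/pkey_get() (RDPKRU/WRPKRU wrappers) on x86-64 since 2.27. */
#if defined(__x86_64__) && defined(__GLIBC__) && defined(SYS_pkey_alloc) && \
    defined(SYS_pkey_mprotect) && defined(SYS_pkey_free)
# if __GLIBC_PREREQ(2, 27)
#  define HAVE_PKEY_REG_WRAPPERS 1
# endif
#endif
#ifndef HAVE_PKEY_REG_WRAPPERS
# define HAVE_PKEY_REG_WRAPPERS 0
#endif

int pkey_register_demo(void) {
#if HAVE_PKEY_REG_WRAPPERS
    /* Step 1: allocate a key. This is a syscall, so a seccomp filter could deny it. */
    long pkey = syscall(SYS_pkey_alloc, 0UL, 0UL);
    if (pkey < 0)
        return PKEY_DEMO_UNSUPPORTED; /* ENOSYS, EINVAL or ENOSPC: no usable pkeys here */

    long pagesz = sysconf(_SC_PAGESIZE);
    volatile int *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) {
        syscall(SYS_pkey_free, pkey);
        return PKEY_DEMO_MISMATCH;
    }

    int rc = PKEY_DEMO_MISMATCH;
    /* Step 2: tag the page with the key. Also a syscall, also visible to seccomp. */
    if (syscall(SYS_pkey_mprotect, (void *)page, (size_t)pagesz, PROT_READ | PROT_WRITE, pkey) != 0)
        goto out;

    page[0] = 42; /* a freshly allocated key grants full access */

    /* Step 3: drop write access. pkey_set() is just WRPKRU in user space: no syscall,
       so there is nothing here for a seccomp filter to intercept. */
    if (pkey_set((int)pkey, PKEY_DISABLE_WRITE) != 0) goto out;
    if (pkey_get((int)pkey) != PKEY_DISABLE_WRITE) goto out; /* RDPKRU, again no syscall */
    if (page[0] != 42) goto out; /* reads still allowed; a write here would SIGSEGV */

    /* Step 4: the same unprivileged instruction lifts the restriction again. */
    if (pkey_set((int)pkey, 0) != 0) goto out;
    page[0] = 43;
    rc = (page[0] == 43) ? PKEY_DEMO_OK : PKEY_DEMO_MISMATCH;
out:
    munmap((void *)page, (size_t)pagesz);
    syscall(SYS_pkey_free, pkey);
    return rc;
#else
    return PKEY_DEMO_UNSUPPORTED;
#endif
}

int main(void) {
    int r = pkey_register_demo();
    printf("pkey demo: %s\n", r == PKEY_DEMO_OK ? "rights toggled from user space (no syscall)"
                            : r == PKEY_DEMO_UNSUPPORTED ? "pkeys unsupported here" : "mismatch");
    return r == PKEY_DEMO_MISMATCH ? 1 : 0;
}
```

Run it under strace on a machine that supports pkeys: pkey_alloc, pkey_mprotect and pkey_free show up in the trace, but the two steps that change the page's writability leave no trace at all, which is the reason pkeys(7) says the mechanism is not a security boundary against code that can execute arbitrary instructions. For a defender the practical consequence is that seccomp can gate whether a process may set up protection keys, but not how a thread later uses them.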