On Thu, Mar 24, 2016 at 4:24 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Wed, Mar 23, 2016 at 6:46 PM, Mickaël Salaün <mic@xxxxxxxxxxx> wrote:
>> Hi,
>>
>> This series is a proof of concept (not ready for production) to extend seccomp
>> with the ability to check argument pointers of syscalls as kernel objects (e.g.
>> file path). This adds a needed feature to create a full sandbox managed by
>> userland like the Seatbelt/XNU Sandbox or the OpenBSD Pledge. It was initially
>> inspired by a partial seccomp-LSM prototype [1] but has evolved a lot since :)
>
> This is interesting! I'd really like to get argument inspection
> working. I'm going to spend some time examining this series more
> closely, but my initial reaction is that I'm suspicious of the ToCToU
> checking -- I'd rather there be no race at all. As for the bug-fixes,
> I'll get those pulled in now. Thanks!
>

Personally, I love the OpenBSD pledge() mechanism. It makes it so easy to apply attack surface reduction. If seccomp moves closer to pledge, that would be great.

See here: https://github.com/dimkr/libwaive

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
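As an added illustration, not code from the thread, from Mickaël's series or from libwaive: a pledge-style allow-list expressed in today's seccomp-BPF. It shows what the existing interface can already check without a race (the architecture, the syscall number and integer arguments such as openat's flags, all of which the kernel copies into seccomp_data before the filter runs) and what it cannot (the file path, which reaches the filter only as a userspace pointer), which is the gap the series addresses and the reason argument-pointer inspection raises the ToCToU question. It assumes Linux on x86_64 or aarch64 with the kernel uapi headers; the policy, the tiny cBPF evaluator used for the dry run and every helper name are constructed for this example.

```c
/* Added example (not from the thread): a pledge-style seccomp-BPF allow-list
 * built and dry-run in userland. Assumes Linux on x86_64 or aarch64 with the
 * standard uapi headers; the policy and helper names are constructed here. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#endif

#define MAX_INSNS 64
#define DENY_EPERM (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))
#define ARG_LO(i)  ((unsigned int)offsetof(struct seccomp_data, args[i])) /* low 32 bits (LE) */
#define STMT(c, k)         emit(p, (struct sock_filter)BPF_STMT(c, k))
#define JUMP(c, k, jt, jf) emit(p, (struct sock_filter)BPF_JUMP(c, k, jt, jf))
struct filter_prog { struct sock_filter insns[MAX_INSNS]; size_t len; };

static int emit(struct filter_prog *p, struct sock_filter insn)
{
    if (p->len >= MAX_INSNS) return -1;
    p->insns[p->len++] = insn;
    return 0;
}

/* Policy: kill on a foreign arch; allow a small stdio/exit set; allow openat only
 * with read-only flags; everything else fails with EPERM. The flags word is copied
 * into seccomp_data, so that check is race-free; the path in args[1] is only a
 * pointer, which classic seccomp cannot dereference (the gap the series targets). */
static int build_pledge_filter(struct filter_prog *p)
{
    static const int allowed[] = { SYS_read, SYS_write, SYS_close, SYS_fstat,
                                   SYS_brk, SYS_exit, SYS_exit_group };
    const unsigned int write_bits = O_WRONLY | O_RDWR | O_CREAT | O_TRUNC | O_APPEND;
    int err = 0; size_t i;
    p->len = 0;
    err |= STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    err |= JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    err |= STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    err |= STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        err |= JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)allowed[i], 0, 1);
        err |= STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);        /* only on match */
    }
    err |= JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_openat, 0, 3);   /* not openat: deny */
    err |= STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2));            /* flags argument */
    err |= JUMP(BPF_JMP | BPF_JSET | BPF_K, write_bits, 1, 0);  /* write bit: deny */
    err |= STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    err |= STMT(BPF_RET | BPF_K, DENY_EPERM);                    /* default action */
    return err ? -1 : 0;
}

/* Minimal cBPF evaluator for the four opcodes used above, so the policy can be
 * exercised against constructed seccomp_data before it is ever installed. */
static unsigned int run_filter(const struct filter_prog *p, const struct seccomp_data *d)
{
    unsigned int acc = 0, v; size_t pc;
    for (pc = 0; pc < p->len; pc++) {
        const struct sock_filter *in = &p->insns[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            memcpy(&v, (const char *)d + in->k, sizeof v); acc = v; break;
        case BPF_JMP | BPF_JEQ | BPF_K:  pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_JMP | BPF_JSET | BPF_K: pc += (acc & in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K:            return in->k;
        default:                         return SECCOMP_RET_KILL; /* fail closed */
        }
    }
    return SECCOMP_RET_KILL;
}

static int install_filter(struct filter_prog *p)
{
    struct sock_fprog prog = { .len = (unsigned short)p->len, .filter = p->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;   /* needed unless CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    static const char msg[] = "openat(O_WRONLY) denied with EPERM by the filter\n";
    struct filter_prog p;
    if (build_pledge_filter(&p) || install_filter(&p)) return 1;
    /* Only the allow-list is reachable now, so report with raw write(), not stdio. */
    if (open("/dev/null", O_WRONLY) < 0 && errno == EPERM)
        write(1, msg, sizeof msg - 1);
    _exit(0);
}
```

Running the binary installs the filter and then confirms that a write-mode open is refused with EPERM, while the read-only syscalls the process needs keep working. The evaluator covers only the four opcodes the builder emits; a policy that uses other instructions should be exercised under the kernel (for instance in a forked child) rather than by extending the evaluator. Everything the filter decides here comes from values the kernel has already copied into seccomp_data, which is exactly why it cannot reason about a path string and why checking one from a filter needs the kind of kernel-side snapshot the series is exploring.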