Re: Compat 32-bit syscall entry from 64-bit task!?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Compat 32-bit syscall entry from 64-bit task!?
From: Andi Kleen <andi@xxxxxxxxxxxxxx>
Date: Wed, 18 Jan 2012 20:44:20 +0100
Cc: Andi Kleen <andi@xxxxxxxxxxxxxx>, Indan Zupancic <indan@xxxxxx>, Jamie Lokier <jamie@xxxxxxxxxxxxx>, Andrew Lutomirski <luto@xxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Will Drewry <wad@xxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, keescook@xxxxxxxxxxxx, john.johansen@xxxxxxxxxxxxx, serge.hallyn@xxxxxxxxxxxxx, coreyb@xxxxxxxxxxxxxxxxxx, pmoore@xxxxxxxxxx, eparis@xxxxxxxxxx, djm@xxxxxxxxxxx, segoon@xxxxxxxxxxxx, rostedt@xxxxxxxxxxx, jmorris@xxxxxxxxx, scarybeasts@xxxxxxxxx, avi@xxxxxxxxxx, penberg@xxxxxxxxxxxxxx, viro@xxxxxxxxxxxxxxxxxx, mingo@xxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, khilman@xxxxxx, borislav.petkov@xxxxxxx, amwang@xxxxxxxxxx, ak@xxxxxxxxxxxxxxx, eric.dumazet@xxxxxxxxx, gregkh@xxxxxxx, dhowells@xxxxxxxxxx, daniel.lezcano@xxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, olofj@xxxxxxxxxxxx, mhalcrow@xxxxxxxxxx, dlaor@xxxxxxxxxx, Roland McGrath <mcgrathr@xxxxxxxxxxxx>
In-reply-to: <CA+55aFz+NNf3SrAdno72EEVbhM-tgBcwjz0ao3TLiOSJR-yJoQ@mail.gmail.com>
User-agent: Mutt/1.4.2.2i

> Umm. But the exact same is true of "LSM for custom jail". It's a
> f*&^ing disaster, and it's a whole lot more complicated than ptrace.
> 
> Plus it can't even do what ptrace does, so what's the point?  There's

It can securely enable syscall auditing which can catch all syscalls
(however you only get race free memory arguments for the ones with LSM hooks 
at the right place). Really need both.

I agree it's not easy to get tight (and also not pretty), but you have a lot 
better chance doing it this way than with ptrace.

-Andi
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: Compat 32-bit syscall entry from 64-bit task!?
  - From: Linus Torvalds

References:
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Andi Kleen
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Jamie Lokier
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Andi Kleen
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Indan Zupancic
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Linus Torvalds
- Re: Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF]
  - From: Linus Torvalds
- Re: Compat 32-bit syscall entry from 64-bit task!?
  - From: Indan Zupancic
- Re: Compat 32-bit syscall entry from 64-bit task!?
  - From: Linus Torvalds
- Re: Compat 32-bit syscall entry from 64-bit task!?
  - From: Andi Kleen
- Re: Compat 32-bit syscall entry from 64-bit task!?
  - From: Linus Torvalds

Prev by Date: Re: Compat 32-bit syscall entry from 64-bit task!?
Next by Date: Re: Compat 32-bit syscall entry from 64-bit task!?
Previous by thread: Re: Compat 32-bit syscall entry from 64-bit task!?
Next by thread: Re: Compat 32-bit syscall entry from 64-bit task!?
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]