On Wed, Jan 18, 2012 at 1:47 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Wed, Jan 18, 2012 at 11:44 AM, Andi Kleen <andi@xxxxxxxxxxxxxx> wrote: >> >> It can securely enable syscall auditing which can catch all syscalls >> (however you only get race free memory arguments for the ones with LSM hooks >> at the right place). Really need both. >> >> I agree it's not easy to get tight (and also not pretty), but you have a lot >> better chance doing it this way than with ptrace. > > .. And how the f*^& did you imagine that something like chrome would do that? > > You need massive amounts of privileges, and it's a total disaster in > every single respect. > > Stop pushing crap. No, ptrace isn't wonderful, but your LSM+auditing > idea is a billion times worse in all respects. > > We can definitely fix the ptrace issue with compat system calls. FWIW, it looks like audit needs fixing too. If a process only uses TIF_SYSCALL_AUDIT, then the fast-path will properly annotate the entry with AUDIT_ARCH_I386, but if it takes the slow path because of some other tracing on a thread (ftrace, ptrace, ...), then the audit record will incorrectly use TIF_IA32 to write the audit record. Easy patch (I'll write it up shortly), but yet another case of breakage. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
