On Wed, Jan 18, 2012 at 1:52 PM, Will Drewry <wad@xxxxxxxxxxxx> wrote: > On Wed, Jan 18, 2012 at 1:47 PM, Linus Torvalds > <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: >> On Wed, Jan 18, 2012 at 11:44 AM, Andi Kleen <andi@xxxxxxxxxxxxxx> wrote: >>> >>> It can securely enable syscall auditing which can catch all syscalls >>> (however you only get race free memory arguments for the ones with LSM hooks >>> at the right place). Really need both. >>> >>> I agree it's not easy to get tight (and also not pretty), but you have a lot >>> better chance doing it this way than with ptrace. >> >> .. And how the f*^& did you imagine that something like chrome would do that? >> >> You need massive amounts of privileges, and it's a total disaster in >> every single respect. >> >> Stop pushing crap. No, ptrace isn't wonderful, but your LSM+auditing >> idea is a billion times worse in all respects. >> >> We can definitely fix the ptrace issue with compat system calls. > > FWIW, it looks like audit needs fixing too. If a process only uses > TIF_SYSCALL_AUDIT, then the fast-path will properly annotate the entry > with AUDIT_ARCH_I386, but if it takes the slow path because of some > other tracing on a thread (ftrace, ptrace, ...), then the audit record > will incorrectly use TIF_IA32 to write the audit record. Easy patch > (I'll write it up shortly), but yet another case of breakage. Nevermind - mis-derefenced the IS_IA32 define. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
