On Wed 2018-01-24 20:46:22, Alan Cox wrote: > > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > > leaking info between them should not be a big deal. You can probably > > find existing macros doing neccessary checks. > > Until one of them is security managed so it shouldn't be able to ptrace > the other, or (and this is the nasty one) when a process is executing > code it wants to protect from the rest of the same process (eg an > untrusted jvm, javascript or probably nastiest of all webassembly) > > We don't need a prctl for trusted/untrusted IMHO but we do eventually > need to think about API's for "this lot is me but I don't trust > it" (flatpack, docker, etc) and for what JIT engines need to do. Agreed. And yes, JITs are interesting, and given the latest rowhammer/sidechannel attacks, something we may want to limit in future... It sounds nice on paper but is just risky. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
