Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: David Laight <David.Laight@xxxxxxxxxx>
Subject: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
From: Ingo Molnar <mingo@xxxxxxx>
Date: Mon, 16 May 2011 14:03:02 +0200
Cc: Eric Paris <eparis@xxxxxxxxxx>, linux-mips@xxxxxxxxxxxxxx, linux-sh@xxxxxxxxxxxxxxx, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Frederic Weisbecker <fweisbec@xxxxxxxxx>, Heiko Carstens <heiko.carstens@xxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, Paul Mackerras <paulus@xxxxxxxxx>, "H. PeterAnvin" <hpa@xxxxxxxxx>, sparclinux@xxxxxxxxxxxxxxx, Jiri Slaby <jslaby@xxxxxxx>, linux-s390@xxxxxxxxxxxxxxx, Russell King <linux@xxxxxxxxxxxxxxxx>, x86@xxxxxxxxxx, James Morris <jmorris@xxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, kees.cook@xxxxxxxxxxxxx, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, Tejun Heo <tj@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, Michal Marek <mmarek@xxxxxxx>, Michal Simek <monstr@xxxxxxxxx>, Will Drewry <wad@xxxxxxxxxxxx>, linuxppc-dev@xxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Ralf Baechle <ralf@xxxxxxxxxxxxxx>, Paul Mundt <lethal@xxxxxxxxxxxx>, Martin Schwidefsky <schwidefsky@xxxxxxxxxx>, linux390@xxxxxxxxxx, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, agl@xxxxxxxxxxxx, "David S. Miller" <davem@xxxxxxxxxxxxx>
In-reply-to: <AE90C24D6B3A694183C094C60CF0A2F6D8AD37@xxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-08-17)

* David Laight <David.Laight@xxxxxxxxxx> wrote:

> [...] unfortunately it worked by looking at the user-space buffers on system 
> call entry - and a multithreaded program can easily arrange to update them 
> after the initial check! [...]

Such problems of reliability/persistency of security checks is exactly one of 
my arguments why this should not be limited to the syscall boundary, if you 
read the example i have provided in this discussion.

Thanks,

	Ingo

References:
- Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
  - From: Eric Paris
- RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
  - From: David Laight

Prev by Date: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Next by Date: Re: reference to non-existent CONFIG_HAVE_GPIO_LIB variable?
Previous by thread: RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
Next by thread: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Index(es):
- Date
- Thread

[Index of Archives] [Linux MIPS Home] [LKML Archive] [Linux ARM Kernel] [Linux ARM] [Linux] [Git] [Yosemite News] [Linux SCSI] [Linux Hams]