lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 17 Jun 2008 19:59:00 +0200
From:	"Michael Kerrisk" <mtk.manpages@...glemail.com>
To:	"Andrea Arcangeli" <andrea@...ranet.com>
Cc:	Valdis.Kletnieks@...edu, "Ivana Varekova" <varekova@...hat.com>,
	lkml <linux-kernel@...r.kernel.org>, linux-man@...r.kernel.org
Subject: Re: PR_SET_SECCOMP and PR_GET_SECCOMP doc (and bug?)

On Tue, Jun 17, 2008 at 7:34 PM, Andrea Arcangeli <andrea@...ranet.com> wrote:
> On Tue, Jun 17, 2008 at 12:12:14PM -0400, Valdis.Kletnieks@...edu wrote:
>> On Tue, 17 Jun 2008 15:32:29 +0200, Michael Kerrisk said:
>> > On Mon, Jun 16, 2008 at 6:25 PM, Andrea Arcangeli <andrea@...ranet.com> wrote:
>> > > On Mon, Jun 16, 2008 at 02:15:13PM +0200, Michael Kerrisk wrote:
>>
>> > >>     PR_GET_SECCOMP (since Linux 2.6.23)
>> > >>         Return the secure computing mode  of  the  calling  thread.
>> > >>         Not  very  useful: if the caller is not in secure computing
>> > >>         mode, this operation returns 0; if the caller is in  secure
>> > >>         computing  mode, then the prctl() call will cause a SIGKILL
>> > >>         signal to be sent to the process.  This operation  is  only
>> > >>         available  if  the kernel is configured with CONFIG_SECCOMP
>> > >>         enabled.
>>
>> Would it make sense to change the text to read "Not very useful for the
>> current implementation of mode=1" and/or add that it may be useful for
>
> Yes, makes sense to me ;).

I've made a change something like you suggest, Valdis.  But I'm still
not really convinced that it will be useful in the future.  The
problem is that as things stand, we would *never* be able to safely
make the prctl(PR_GET_SECCOMP) call, since there is a chance (if mode
is 1) that we would be killed by SIGKILL.



-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html
Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ