| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jun 2009 09:22:38 +0200 From: Andi Kleen <andi@...stfloor.org> To: David Thomas <davidleothomas@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: Magic Security Dust: Appropriating SECCOMP David Thomas <davidleothomas@...il.com> writes: Normally it's better if you post example patches, even if they're unclean. > Moving the checks from the audit/trace code out to the > individual syscalls means that each syscall we're doing one Not sure that's a good idea. It would be lot of code churn all over the tree and risk of not covering some new syscalls. What I would do if I wanted a more flexible seccomp is to have a "one bit for each syscall" bitmap (or rather two one for compat another for non compat) that is checked by the audit code and then just check all syscalls against that big bitmap. Then have some way to configure that bitmap for groups of processes. -Andi -- ak@...ux.intel.com -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists