| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Mar 2014 17:51:03 +0400 From: Pavel Emelyanov <xemul@...allels.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: Cyrill Gorcunov <gorcunov@...il.com>, Andrew Vagin <avagin@...il.com>, Aditya Kali <adityakali@...gle.com>, Stephen Rothwell <sfr@...b.auug.org.au>, Oleg Nesterov <oleg@...hat.com>, <linux-kernel@...r.kernel.org>, <criu@...nvz.org>, Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org> Subject: Re: [CRIU] [PATCH 1/3] prctl: reduce permissions to change boundaries of data, brk and stack Hi, Eric, >>>> Why can't you have the process of interest do: >>>> ptrace(PTRACE_ATTACHME); >>>> execve(executable, args, ...); >>>> >>>> /* Have the ptracer inject the recovery/fixup code */ >>>> /* Fix up the mostly correct process to look like it has been >>>> * executing for a while. >>>> */ > 2. What you propose means we have to effectively strace and execve-ing task. As > compared with plain prlctl this is up to ~600 times slower. I've made such an experiment. Have you had time to think on the issue? If the prctl restrictions do not work, what else can it be? Thanks, Pavel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists