| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Jul 2014 16:53:23 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Andy Lutomirski <luto@...capital.net> Cc: Paolo Bonzini <pbonzini@...hat.com>, linux-crypto@...r.kernel.org, Henrique de Moraes Holschuh <hmh@....eng.br>, "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>, James Morris <james.l.morris@...cle.com>, LSM List <linux-security-module@...r.kernel.org>, Al Viro <viro@...iv.linux.org.uk>, Linux API <linux-api@...r.kernel.org>, Julien Tinnes <jln@...gle.com>, "Theodore Ts'o" <tytso@....edu>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Paul Moore <paul@...l-moore.com>, David Drysdale <drysdale@...gle.com>, Kees Cook <keescook@...omium.org>, Meredydd Luff <meredydd@...atehouse.org>, Christoph Hellwig <hch@...radead.org> Subject: Re: General flags to turn things off (getrandom, pid lookup, etc) Andy Lutomirski <luto@...capital.net> writes: > On Jul 27, 2014 5:06 PM, "Theodore Ts'o" <tytso@....edu> wrote: >> >> On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote: >> > >> > There is recent interest in having a way to turn generally-available >> > kernel features off. Maybe we should add a good one so we can stop >> > bikeshedding and avoid proliferating dumb interfaces. >> >> I believe the seccomp infrastructure (which is already upstream) >> should be able to do most of what you want, at least with respect to >> features which are exposed via system calls (which was most of your >> list). > > Seccomp can't really restrict lookups of non-self pids. In fact, this > feature idea started out as a response to a patch adding a kind of > nasty seccomp feature to make it sort of possible. > > I agree that that seccomp can turn off GRND_RANDOM, but how is it > supposed to do it in such a way that the filtered software will fall > back to something sensible? -ENOSYS? -EPERM? Something else? > > I think that -ENOSYS is clearly wrong, but standardizing this would be > nice. Admittedly, adding something fancy like this for GRND_RANDOM > may not be appropriate. Andy you seem to be arguing here for two system calls. get_urandom() and get_random(). Where get_urandom only blocks if there is not enough starting entropy, and get_random(GRND_RANDOM) blocks if there is currently not enough entropy. That would allow -ENOSYS to be the right return value and it would simply things for everyone. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists