lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jul 2006 13:37:44 +0200 From: Bodo Eggert <7eggert@...tempel.de> To: Ingo Molnar <mingo@...e.hu>, Jeff Dike <jdike@...toit.com>, Andrea Arcangeli <andrea@...e.de>, Andi Kleen <ak@...e.de>, Alan Cox <alan@...rguk.ukuu.org.uk>, Arjan van de Ven <arjan@...radead.org>, Adrian Bunk <bunk@...sta.de>, Andrew Morton <akpm@...l.org>, Lee Revell <rlrevell@...-job.com>, linux-kernel@...r.kernel.org, Alan Cox <alan@...hat.com>, Linus Torvalds <torvalds@...l.org> Subject: Re: [patch] let CONFIG_SECCOMP default to n Ingo Molnar <mingo@...e.hu> wrote: > * Jeff Dike <jdike@...toit.com> wrote: >> Now, there were a couple of ways to legitimately escape from UML, and >> they *did* involve ptrace. Things like single-stepping a system call >> instruction or putting a breakpoint on a system call instruction and >> single-stepping from the breakpoint. As far as I know, these were >> discovered and fixed by UML developers before there was any outside >> awareness of these bugs. > > also, UML 'ptrace clients' are allowed alot more leeway than what a > seccomp-alike ptrace/utrace based syscall filter would allow. It would > clearly exclude activities like 'setting a breakpoint' or > 'single-stepping' - valid syscalls would be limited to > read/write/sigreturn/exit. So instead of breakpointing (using int3), you'd have to write 'mv flag I_AM_HERE;self:jmp self' and resort to polling? This would not prevent (ab)use except for some corner cases. -- Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF verbreiteten Lügen zu sabotieren. http://david.woodhou.se/why-not-spf.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists