| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <p73hctqggfz.fsf@bingen.suse.de> Date: 13 Feb 2007 17:39:28 +0100 From: Andi Kleen <andi@...stfloor.org> To: Alan <alan@...rguk.ukuu.org.uk> Cc: Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org>, Arjan van de Ven <arjan@...radead.org>, Christoph Hellwig <hch@...radead.org>, Andrew Morton <akpm@....com.au>, Ulrich Drepper <drepper@...hat.com>, Zach Brown <zach.brown@...cle.com>, Evgeniy Polyakov <johnpol@....mipt.ru>, "David S. Miller" <davem@...emloft.net>, Benjamin LaHaise <bcrl@...ck.org>, Suparna Bhattacharya <suparna@...ibm.com>, Davide Libenzi <davidel@...ilserver.org>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [patch 00/11] ANNOUNCE: "Syslets", generic asynchronous system call support Alan <alan@...rguk.ukuu.org.uk> writes: Funny, it sounds like batch() on stereoids @) Ok with an async context it becomes somewhat more interesting. > sys_setuid/gid/etc need to be synchronous only and not occur > while other async syscalls are running in parallel to meet current kernel > assumptions. > > sys_exec and other security boundaries must be synchronous only > and not allow async "spill over" (consider setuid async binary patching) He probably would need some generalization of Andrea's seccomp work. Perhaps using bitmaps? For paranoia I would suggest to white list, not black list calls. -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists