| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090515195644.GA1377@ucw.cz> Date: Fri, 15 May 2009 21:56:44 +0200 From: Pavel Machek <pavel@....cz> To: Adam Langley <agl@...gle.com> Cc: linux-kernel@...r.kernel.org, markus@...gle.com Subject: Re: [RFC 1/1] seccomp: Add bitmask of allowed system calls. Hi! > Briefly, it adds a second seccomp mode (2) where one uploads a bitmask. > Syscall n is allowed if, and only if, bit n is true in the bitmask. If n > is beyond the range of the bitmask, the syscall is denied. > > If prctl is allowed by the bitmask, then a process may switch to mode 1, > or may set a new bitmask iff the new bitmask is a subset of the current > one. (Possibly moving to mode 1 should only be allowed if read, write, > sigreturn, exit are in the currently allowed set.) > > If a process forks/clones, the child inherits the seccomp state of the > parent. (And hopefully I'm managing the memory correctly here.) If you allow setuid exec here, you have added a security hole. Deny setuid() to sendmail and have fun... -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists