| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1304531735.10692.58.camel@localhost.localdomain> Date: Wed, 04 May 2011 13:55:33 -0400 From: Eric Paris <eparis@...hat.com> To: Frederic Weisbecker <fweisbec@...il.com> Cc: Steven Rostedt <rostedt@...dmis.org>, Will Drewry <wad@...omium.org>, Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org, kees.cook@...onical.com, agl@...omium.org, jmorris@...ei.org, Randy Dunlap <rdunlap@...otime.net>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Tom Zanussi <tzanussi@...il.com>, Arnaldo Carvalho de Melo <acme@...hat.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [PATCH 5/7] seccomp_filter: Document what seccomp_filter is and how it works. On Wed, 2011-05-04 at 19:03 +0200, Frederic Weisbecker wrote: > On Wed, May 04, 2011 at 12:22:40PM -0400, Eric Paris wrote: > So the following set of operations: > > > > SECCOMP_FILTER_SET, __NR_foo, "a=0" > > SECCOMP_FILTER_SET, __NR_read, "1" > > SECCOPM_FILTER_APPLY > > > > SECCOMP_FILTER_SET, __NR_foo, "b=0" > > SECCOMP_FILTER_APPLY > > > > SECCOMP_FILTER_SET, __NR_write, "1" > > SECCOMP_FILTER_APPLY > > > > Would return EPERM for the __NR_write entry since it was a new syscall > > after a set. I think we agree on all this. > > No, why? > > The default filter for a syscall, if none have been given for it, is "0". > > Thus, if you write "1" later, the entire filter is going to be: > > "0 && 1" > > Which is fine, we are not overriding already applied permissions there. > > So where is the need to return -EPERM in such a specific case? Is it > worth the corner case to check in the kernel, and to handle in userspace? > And for what reason? I assumed without looking at the code (always a bad idea) that he wasn't going to explicitly create a rule with "0" and was going to implicitly deny anything without a rule. If there is an explicit "0" rule then you are right, i don't see a need to deny the set operation in the kernel. But if it is implicit in the non-existence of a filter then it should be easy to tell userspace it isn't allowed any more. -Eric -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists