| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1458762.ra4TnS54ZN@sifl> Date: Fri, 11 Jul 2014 12:11:37 -0400 From: Paul Moore <pmoore@...hat.com> To: "H. Peter Anvin" <hpa@...or.com> Cc: Richard Guy Briggs <rgb@...hat.com>, linux-audit@...hat.com, linux-kernel@...r.kernel.org, Eric Paris <eparis@...hat.com>, Al Viro <aviro@...hat.com>, Will Drewry <wad@...omium.org> Subject: Re: [PATCH 2/3] [RFC] seccomp: give BPF x32 bit when restoring x32 filter On Thursday, July 10, 2014 09:06:02 PM H. Peter Anvin wrote: > Incidentally: do seccomp users know that on an x86-64 system you can > recevie system calls from any of the x86 architectures, regardless of > how the program is invoked? (This is unusual, so normally denying those > "alien" calls is the right thing to do.) I obviously can't speak for all seccomp users, but libseccomp handles this by checking the seccomp_data->arch value at the start of the filter and killing (by default) any non-native architectures. If you want, you can change this default behavior or add support for other architectures (e.g. create a filter that allows both x86-64 and x32 but disallows x86, or any combination of the three for that matter). -- paul moore security and virtualization @ redhat -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists