lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 27 Jul 2014 17:06:17 -0400
From:	Theodore Ts'o <>
To:	Andy Lutomirski <>
Cc:	"Eric W. Biederman" <>,
	Julien Tinnes <>,
	David Drysdale <>,
	Al Viro <>,
	Paolo Bonzini <>,
	LSM List <>,
	Greg Kroah-Hartman <>,
	Paul Moore <>,
	James Morris <>,
	Linux API <>,
	Meredydd Luff <>,
	Christoph Hellwig <>,
	"" <>,
	Kees Cook <>,
	Henrique de Moraes Holschuh <>,
Subject: Re: General flags to turn things off (getrandom, pid lookup, etc)

On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
> There is recent interest in having a way to turn generally-available
> kernel features off.  Maybe we should add a good one so we can stop
> bikeshedding and avoid proliferating dumb interfaces.

I believe the seccomp infrastructure (which is already upstream)
should be able to do most of what you want, at least with respect to
features which are exposed via system calls (which was most of your

It won't cover x86 specific things like restricting RDTSC or CPUID
(and as far as I know you can't intercept the CPUID instruction), but
I'm not sure it matters.  I don't really see the point, myself.

    	     		    	  	 - Ted
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists