| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHse=S-_w+3WR0H0qPGWs5fer-3ncA6LX0is4UeJ48KCtK5Vmg@mail.gmail.com> Date: Tue, 28 Jul 2015 18:13:31 +0100 From: David Drysdale <drysdale@...gle.com> To: Kees Cook <keescook@...omium.org> Cc: Linux API <linux-api@...r.kernel.org>, Michael Kerrisk <mtk.manpages@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Arnd Bergmann <arnd@...db.de>, Shuah Khan <shuahkh@....samsung.com>, Jonathan Corbet <corbet@....net>, Andrea Arcangeli <aarcange@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Eric B Munson <emunson@...mai.com>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Oleg Nesterov <oleg@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Andy Lutomirski <luto@...capital.net>, Al Viro <viro@...iv.linux.org.uk>, Rusty Russell <rusty@...tcorp.com.au>, Peter Zijlstra <peterz@...radead.org>, Vivek Goyal <vgoyal@...hat.com>, Alexei Starovoitov <ast@...mgrid.com>, David Herrmann <dh.herrmann@...il.com>, "Theodore Ts'o" <tytso@....edu>, Milosz Tanski <milosz@...in.com>, Fam Zheng <famz@...hat.com>, Josh Triplett <josh@...htriplett.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH RFC 1/1] Documentation: describe how to add a system call On Tue, Jul 28, 2015 at 5:43 PM, Kees Cook <keescook@...omium.org> wrote: > On Tue, Jul 28, 2015 at 4:41 AM, David Drysdale <drysdale@...gle.com> wrote: >> Add a document describing the process of adding a new system call, >> including the need for a flags argument for future compatibility, and >> covering 32-bit/64-bit concerns (albeit in an x86-centric way). >> >> Signed-off-by: David Drysdale <drysdale@...gle.com> >> Reviewed-by: Michael Kerrisk <mtk.manpages@...il.com> > > This is great! > > Reviewed-by: Kees Cook <keescook@...omium.org> > > I have a few minor suggestions below... Thanks, I've applied all bar one -- a query below. >> --- >> Documentation/adding-syscalls.txt | 454 ++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 454 insertions(+) >> create mode 100644 Documentation/adding-syscalls.txt >> >> diff --git a/Documentation/adding-syscalls.txt b/Documentation/adding-syscalls.txt >> new file mode 100644 >> index 000000000000..5f52edda8951 >> --- /dev/null >> +++ b/Documentation/adding-syscalls.txt [snip] >> + - If there is an existing capability that governs related functionality, then >> + use that. However, avoid combining lots of only vaguely related functions >> + together under the same bit, as this goes against capabilities' purpose of >> + splitting the power of root. In particular, avoid adding new uses of the >> + already overly-general CAP_SYS_ADMIN capability. >> + - If there is no related capability, then consider adding a new capability >> + bit -- but bear in mind that the numbering space is limited, and each new >> + bit needs to be understood and administered by sysadmins. > > Perhaps mention alternative mechanisms for access control when working > on file descriptors, like avoiding security issues by looking at fd > _opener_ credentials, rather than current's credentials? I'm struggling to cope up with text about this that doesn't feel either too vague or much too detailed / internal, so maybe I'm misunderstanding what you're after. Could you clarify or maybe suggest a sentence or two? Thanks, David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists