| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181031130442.GB9007@redhat.com>
Date: Wed, 31 Oct 2018 14:04:42 +0100
From: Oleg Nesterov <oleg@...hat.com>
To: Kees Cook <keescook@...omium.org>
Cc: Tycho Andersen <tycho@...ho.ws>,
Andy Lutomirski <luto@...capital.net>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
"Serge E . Hallyn" <serge@...lyn.com>,
Christian Brauner <christian@...uner.io>,
Tyler Hicks <tyhicks@...onical.com>,
Akihiro Suda <suda.akihiro@....ntt.co.jp>,
Aleksa Sarai <asarai@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Linux Containers <containers@...ts.linux-foundation.org>,
Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH v8 1/2] seccomp: add a return code to trap to userspace
On 10/30, Kees Cook wrote:
>
> I'd like to avoid changing the return value of __secure_computing() to
> just avoid having to touch all the callers. And I'd prefer not to
> change __seccomp_filter() to a bool, since I'd like the return values
> to be consistent through the call chain.
Sure, please forget.
> I find the existing code more readable than a single-line return, just
> because it's very explicit. I don't want to have to think any harder
> when reading seccomp. ;)
Heh ;) Again, please forget, this is cosmetic.
But I simply can't resist. I asked this question exactly because I was
confused by these 2 lines:
if (__seccomp_filter(this_syscall, NULL, true))
return -1;
return 0;
to me it looks as if we need to filter out some non-zero return values and
turn them into -1. I had to spend some time (and think harder ;) to verify
that this is just the recursive call and nothing more.
nevermind, please ignore.
Oleg.
Powered by blists - more mailing lists