lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Feb 2019 14:25:55 +0100 From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com> To: Tycho Andersen <tycho@...ho.ws>, "Serge E. Hallyn" <serge@...lyn.com> Cc: mtk.manpages@...il.com, linux-man@...r.kernel.org, Kees Cook <keescook@...omium.org>, Linux API <linux-api@...r.kernel.org>, lkml <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, Jann Horn <jann@...jh.net>, Oleg Nesterov <oleg@...hat.com>, Christian Brauner <christian@...uner.io>, "Eric W. Biederman" <ebiederm@...ssion.com>, Containers <containers@...ts.linux-foundation.org>, Aleksa Sarai <asarai@...e.de>, Tyler Hicks <tyhicks@...onical.com>, Akihiro Suda <suda.akihiro@....ntt.co.jp> Subject: Re: [PATCH 2/2] seccomp.2: document userspace notification > 7. The monitoring process can use the information in the > 'struct seccomp_notif' to make a determination about the > system call being made by the target process. This > structure includes a 'data' field that is the same > 'struct seccomp_data' that is passed to a BPF filter. > > In addition, the monitoring process may make use of other > information that is available from user space. For example, > it may inspect the memory of the target process (whose PID > is provided in the 'struct seccomp_notif') using > /proc/PID/mem, which includes inspecting the values > pointed to by system call arguments (whose location is > available 'seccomp_notif.data.args). However, when using > the target process PID in this way, one must guard against > PID re-use race conditions using the seccomp() > SECCOMP_IOCTL_NOTIF_ID_VALID operation. > > 8. Having arrived at a decision about the target process's > system call, the monitoring process can inform the kernel > of its decision using the operation > > ioctl(listenfd, SECCOMP_IOCTL_NOTIF_SEND, respptr) > > where the third argument is a pointer to a > 'struct seccomp_notif_resp'. [Some more details > needed here, but I still don't yet understand fully > the semantics of the 'error' and 'val' fields.] So clearly, I misunderstood these last two steps. (7) is something like: discover information in userspace as required; perform userspace actions if appropriate (perhaps doing the system call operation "on behalf of" the target process). (8) is something like: set 'error' and 'val' to return info to the target process: * error != 0 ==> make it look like the syscall failed, with 'errno' set to that value * error == 0 ==> make it look like the syscall succeeded and returned 'val' Right? Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists