lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 04 Aug 2020 10:26:56 -0400
From:   Gabriel Krisman Bertazi <krisman@...labora.com>
To:     Pavel Machek <pavel@....cz>
Cc:     tglx@...utronix.de, linux-kernel@...r.kernel.org,
        kernel@...labora.com, willy@...radead.org, luto@...nel.org,
        gofmanp@...il.com, keescook@...omium.org,
        linux-kselftest@...r.kernel.org, shuah@...nel.org
Subject: Re: [PATCH v4 0/2] Syscall User Redirection

Pavel Machek <pavel@....cz> writes:

> Hi!
>
>> This is v4 of Syscall User Redirection.  The implementation itself is
>> not modified from v3, it only applies the latest round of reviews to the
>> selftests.
>> 
>> __NR_syscalls is not really exported in header files other than
>> asm-generic for every architecture, so it felt safer to optionally
>> expose it with a fallback to a high value.
>> 
>> Also, I didn't expose tests for PR_GET as that is not currently
>> implemented.  If possible, I'd have it supported by a future patchset,
>> since it is not immediately necessary to support this feature.
>> 
>> Finally, one question: Which tree would this go through?
>
> Should it come with Documentation?

Hi,

Thanks for the review.

I will prepare it for the next iteration.

> How does it interact with ptrace, seccomp and similar?

That is a very good question.

Regarding seccomp, this must take precedence, since the use case is
emulation (it can be invoked with a different ABI) such that seccomp
filtering by syscall number doesn't make sense in the first place.  In
addition, either the syscall is dispatched back to userspace, in which
case there is no resource for seccomp to protect, or the syscall will be
executed, and seccomp will execute next.

Regarding ptrace, I experimented with before and after, and while the
same ABI argument applies, I felt it was easier to debug if I let ptrace
happen for syscalls that are dispatched back to userspace.  In addition,
doing it after ptrace makes the code in syscall_exit_work slightly
simpler, since it doesn't require special handling for this feature.

For PTRACE_SYSEMU in particular, either placing this before or after is
a bit odd.  I don't think there is a right answer for this one, but I
don't see anyone wanting to use these features at the same time.  I
think as long as it is documented behavior, it should be fine either
way.

-- 
Gabriel Krisman Bertazi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ