lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <eab10cc7834be3c720147a6b24769840.squirrel@webmail.greenhost.nl>
Date:	Fri, 17 Feb 2012 02:25:55 +0100
From:	"Indan Zupancic" <indan@....nu>
To:	"Andrew Lutomirski" <luto@....edu>
Cc:	"H. Peter Anvin" <hpa@...or.com>, "Will Drewry" <wad@...omium.org>,
	linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
	linux-doc@...r.kernel.org, kernel-hardening@...ts.openwall.com,
	netdev@...r.kernel.org, x86@...nel.org, arnd@...db.de,
	davem@...emloft.net, mingo@...hat.com, oleg@...hat.com,
	peterz@...radead.org, rdunlap@...otime.net, mcgrathr@...omium.org,
	tglx@...utronix.de, eparis@...hat.com, serge.hallyn@...onical.com,
	djm@...drot.org, scarybeasts@...il.com, pmoore@...hat.com,
	akpm@...ux-foundation.org, corbet@....net, eric.dumazet@...il.com,
	markus@...omium.org, keescook@...omium.org
Subject: Re: [PATCH v8 3/8] seccomp: add system call filtering using BPF

On Fri, February 17, 2012 01:51, Andrew Lutomirski wrote:
> IMO the best solution is to have the One True Seccomp Filter Compiler
> (tm).  It would handle multiple namespaces, cross-arch differences,
> and such, and it would do it correctly.  It could live in the kernel
> tree.

I'm not interested in any such compiler; if I use this BPF thing I'll use
it directly by scanning my syscall table info and converting it to a BPF
filter for the cases where it's possible. This code will be cross-platform;
all the platform-dependent info comes from the syscall table.

It seems I'll just build a bitmask telling what to do for each syscall,
with special cases for the few syscalls that can be handled totally within
BPF by checking the arguments.

My total lines of code are 5k now; I'm not going to use a complex,
thousands-of-lines, badly tested, probably buggy compiler just for BPF support.

> Without something like that or an incredible amount of special care,
> actual portability is probably a pipe dream.

The filter programs are already platform dependent because of the syscall
numbers and sometimes args differences. But that is no reason to make it
even less cross-platform.

Your OTSF compiler won't be able to handle different modes other than
adding a check at the start and having totally orthogonal codes for the
different cases. You might as well have separate filters then. Any other
approach dies because of the added complexity or will be a lot slower.

Greetings,

Indan
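The approach the mail sketches (a per-architecture syscall table that is turned straight into a BPF program: an arch check at the start, one action per syscall number, and argument checks only for the few syscalls where a plain equality test in BPF is enough) can be shown in a few dozen lines. The code below is an added example, not code from this thread or from the seccomp patch series; the names `policy`, `filter`, `build_filter`, `run_filter`, `decide` and `example_policy` are mine. It defines the `sock_filter`/`seccomp_data` layout and the `SECCOMP_RET_*`/`AUDIT_ARCH_*` constants locally with the values the Linux uapi headers use, so it compiles without kernel headers; the x86_64 syscall numbers in the table are the real ones. The evaluator implements only the three opcodes the generator emits, and the argument check compares only the low 32 bits of an argument.

```c
/* Added example, not code from the thread: generate a seccomp-BPF program directly
 * from a per-syscall policy table, then check it with a tiny evaluator. Constants
 * mirror the Linux uapi values (linux/filter.h, seccomp.h, audit.h) so it builds alone. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct sock_filter { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct seccomp_data { int nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6]; };
#define BPF_LD_W_ABS 0x20u              /* BPF_LD|BPF_W|BPF_ABS: load 32 bits of seccomp_data */
#define BPF_JEQ_K    0x15u              /* BPF_JMP|BPF_JEQ|BPF_K */
#define BPF_RET_K    0x06u              /* BPF_RET|BPF_K */
#define SECCOMP_RET_KILL  0x00000000u
#define SECCOMP_RET_TRAP  0x00030000u
#define SECCOMP_RET_ERRNO 0x00050000u   /* low 16 bits carry the errno value */
#define SECCOMP_RET_ALLOW 0x7fff0000u
#define AUDIT_ARCH_X86_64 0xc000003eu

/* One row of the per-arch syscall table. arg is -1 for a plain per-nr action, else the
 * index of the argument whose low 32 bits must equal arg_val (on_mismatch applies otherwise). */
struct policy { int nr, arg; uint32_t arg_val, on_match, on_mismatch; };
struct filter { struct sock_filter insn[256]; size_t len; };

static void emit(struct filter *f, uint16_t code, uint8_t jt, uint8_t jf, uint32_t k)
{
    if (f->len < sizeof f->insn / sizeof f->insn[0])
        f->insn[f->len++] = (struct sock_filter){ code, jt, jf, k };
}

/* Arch check first, then one block per table row, then the default action. A block
 * that loads an argument clobbers the accumulator, but every path out of it returns. */
size_t build_filter(struct filter *f, uint32_t arch, const struct policy *tab, size_t n, uint32_t dflt)
{
    f->len = 0;
    emit(f, BPF_LD_W_ABS, 0, 0, offsetof(struct seccomp_data, arch));
    emit(f, BPF_JEQ_K, 1, 0, arch);                       /* matching arch skips the KILL */
    emit(f, BPF_RET_K, 0, 0, SECCOMP_RET_KILL);
    emit(f, BPF_LD_W_ABS, 0, 0, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n; i++) {
        if (tab[i].arg < 0) {
            emit(f, BPF_JEQ_K, 0, 1, (uint32_t)tab[i].nr);
            emit(f, BPF_RET_K, 0, 0, tab[i].on_match);
        } else {
            emit(f, BPF_JEQ_K, 0, 4, (uint32_t)tab[i].nr);   /* other nr: skip the 4 below */
            emit(f, BPF_LD_W_ABS, 0, 0, offsetof(struct seccomp_data, args) + 8u * (uint32_t)tab[i].arg);
            emit(f, BPF_JEQ_K, 0, 1, tab[i].arg_val);
            emit(f, BPF_RET_K, 0, 0, tab[i].on_match);
            emit(f, BPF_RET_K, 0, 0, tab[i].on_mismatch);
        }
    }
    emit(f, BPF_RET_K, 0, 0, dflt);
    return f->len;
}

/* Minimal interpreter for the three opcodes emitted above: returns the SECCOMP_RET_* value. */
uint32_t run_filter(const struct filter *f, const struct seccomp_data *d)
{
    const unsigned char *mem = (const unsigned char *)d;
    uint32_t acc = 0;
    for (size_t pc = 0; pc < f->len; pc++) {
        const struct sock_filter *in = &f->insn[pc];
        switch (in->code) {
        case BPF_LD_W_ABS:                  /* the kernel only accepts aligned, in-range loads */
            if (in->k % 4 != 0 || in->k + 4 > sizeof *d) return SECCOMP_RET_KILL;
            memcpy(&acc, mem + in->k, 4);   /* host-endian, as in the kernel interpreter */
            break;
        case BPF_JEQ_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET_K:
            return in->k;
        }
    }
    return SECCOMP_RET_KILL;                /* the kernel rejects programs that can fall off the end */
}

/* Constructed x86_64 policy (numbers from the x86_64 syscall table): allow a few calls,
 * let write() through only on fd 1 and trap other fds, fail socket() with EPERM. */
static const struct policy example_policy[] = {
    {   0, -1, 0, SECCOMP_RET_ALLOW, 0 },                 /* read */
    {   1,  0, 1, SECCOMP_RET_ALLOW, SECCOMP_RET_TRAP },  /* write, fd must be 1 */
    {   3, -1, 0, SECCOMP_RET_ALLOW, 0 },                 /* close */
    { 231, -1, 0, SECCOMP_RET_ALLOW, 0 },                 /* exit_group */
    {  41, -1, 0, SECCOMP_RET_ERRNO | EPERM, 0 },         /* socket */
};
#define NPOLICY (sizeof example_policy / sizeof example_policy[0])

/* What the example filter decides for one syscall; anything not listed is killed. */
uint32_t decide(uint32_t arch, int nr, uint64_t arg0)
{
    struct filter f;
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { arg0 } };
    build_filter(&f, AUDIT_ARCH_X86_64, example_policy, NPOLICY, SECCOMP_RET_KILL);
    return run_filter(&f, &d);
}
```

`decide()` builds the program and runs it through the evaluator, so the policy can be exercised in user space before anything is installed; `build_filter` produces 18 instructions for this table. To load the result for real on a current kernel, wrap `insn`/`len` in a `struct sock_fprog`, set `PR_SET_NO_NEW_PRIVS`, and call `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)`. Two caveats a practitioner would want: the arch check at the top is what makes a per-arch table safe, since the same program would otherwise misread syscall numbers under a different ABI; and a real argument check on a 64-bit argument must load and compare both 32-bit halves, whereas this example deliberately checks only the low word.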
