lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <CAGXu5j+kbqc4GtAypj08T78LjK-OLuo+iudjrctcE0r+GOUDMA@mail.gmail.com>
Date:	Thu, 1 Mar 2012 21:26:23 -0800
From:	Kees Cook <keescook@...omium.org>
To:	Indan Zupancic <indan@....nu>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org,
	linux-arch@...r.kernel.org, linux-doc@...r.kernel.org,
	kernel-hardening@...ts.openwall.com, netdev@...r.kernel.org,
	x86@...nel.org, arnd@...db.de, davem@...emloft.net, hpa@...or.com,
	mingo@...hat.com, oleg@...hat.com, peterz@...radead.org,
	rdunlap@...otime.net, mcgrathr@...omium.org, tglx@...utronix.de,
	luto@....edu, eparis@...hat.com, serge.hallyn@...onical.com,
	djm@...drot.org, scarybeasts@...il.com, pmoore@...hat.com,
	corbet@....net, eric.dumazet@...il.com, markus@...omium.org,
	coreyb@...ux.vnet.ibm.com
Subject: Re: [PATCH v12 01/13] sk_run_filter: add support for custom load_pointer

On Thu, Mar 1, 2012 at 8:04 PM, Indan Zupancic <indan@....nu> wrote:
> On Fri, March 2, 2012 02:19, Andrew Morton wrote:
>> That assumes that we're going to merge this stuff into 3.4 - if we
>> don't, unwrecker gets rewrecked and grumpy.
>>
>> I don't know if we're going to merge it into 3.4?  I haven't been
>> paying a lot of attention and haven't looked at the patches in a while.
>
> I think it should be merged, but I think 3.5 is probably better.
>
> This is because we haven't heard anything from the networking people
> about the BPF changes, and I'm also unsure if the current approach
> is the best one: It both increases the filter.o size significantly
> while slowing down sk_run_filter, while the point was to avoid both.
> I'm trying to think of an alternative approach with lower impact.
>
> The ptrace integration may need some more time to settle too, even
> just to make sure the latest version does what needs to be done.
>
> Both directly affect the user space ABI, so I think it's best to
> not be too hasty with pushing this upstream. Waiting one release
> while having a stable final patch gives people the chance to go
> and try to use it for their purposes and thus both test the code
> more and get experience with the ABI.

Well, IIUC, Eric Dumazet Acked the BPF changes. While I see what
you're saying about waiting for 3.5, it seems like the best way to
really see this stabilize is to get this into 3.4. The various
approaches have been discussed for a while now. Having that wider
testing sooner rather than later seems like the better approach to me.
Waiting for 3.5 just means we'll be waiting until then to do that same
testing. Perhaps Andrew Morton can decide?

Regardless, I've updated my seccomp tree with Will's rebase to Linus's
tree so people can pull from it as need be:

        git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp

-Kees

-- 
Kees Cook
ChromeOS Security