| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cda8f13d-79b6-077a-2129-d2d52dc8efd1@oracle.com>
Date: Tue, 27 Feb 2018 16:22:45 -0500
From: chris hyser <chris.hyser@...cle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...capital.net>,
Linux Containers <containers@...ts.linux-foundation.org>,
Netdev <netdev@...r.kernel.org>, Will Drewry <wad@...omium.org>,
Daniel Borkmann <daniel@...earbox.net>,
Alexei Starovoitov <ast@...nel.org>,
Sargun Dhillon <sargun@...gun.me>,
Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [net-next v3 0/2] eBPF seccomp filters
On 02/27/2018 02:19 PM, Kees Cook wrote:
> On Tue, Feb 27, 2018 at 8:59 AM, chris hyser <chris.hyser@...cle.com> wrote:
>> I will try to find that discussion. As someone pointed out here though, eBPF
>
> A good starting point might be this:
> https://lwn.net/Articles/441232/
Thanks. A fair amount of reading referenced there :-). In particular I'll be curious to find out what happened to this idea:
"Essentially, that would make for three choices for each system call: enabled, disabled, or filtered."
Something like that might address some of the security concerns in that a simple go/no go on syscall number need not
incur the performance hit nor increased attack surface of running c/eBPF code, but it is there for argument checking,
etc if you need it. Basically instead of the kernel making the flexibility/performance/security trade-off in advance,
you leave it to user code/policy.
Anyway, lest it is not clear :-), I think your instincts on security and eBPF are dead on. At the same time it is
powerful and useful. So, how to make it optional?
-chrish
Powered by blists - more mailing lists