Re: seccomp for 2.6.11-rc1-bk8

From: Chris Wright
Date: Fri Jan 21 2005 - 14:21:54 EST

Next message: Jesse Barnes: "Re: [ia64] compile error"
Previous message: Rafael J. Wysocki: "Re: [PATCH][RFC] swsusp: speed up image restoring on x86-64"
In reply to: David Wagner: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: David Wagner: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* David Wagner (daw@xxxxxxxxxxxxxxxxxxxxxxxx) wrote:
> There is a simple tweak to ptrace which fixes that: one could add an
> API to specify a set of syscalls that ptrace should not trap on. To get
> seccomp-like semantics, the user program could specify {read,write}, but
> if the user program ever wants to change its policy, it could change that
> set. Solaris /proc (which is what is used for tracing) has this feature.
> I coded up such an extension to ptrace semantics a long time ago, and
> it seemed to work fine for me, though of course I am not a ptrace expert.

Hmm, yeah, that'd be nice. That only leaves the issue of tracer dying
(say from that crazy oom killer ;-).

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesse Barnes: "Re: [ia64] compile error"
Previous message: Rafael J. Wysocki: "Re: [PATCH][RFC] swsusp: speed up image restoring on x86-64"
In reply to: David Wagner: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: David Wagner: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]