Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering

From: Ingo Molnar
Date: Thu May 26 2011 - 14:47:40 EST

Next message: H Hartley Sweeten: "RE: [PATCH 1/5] dmaengine: add ep93xx DMA support"
Previous message: Andi Kleen: "Re: [PATCH 5/5] Hook up sysconf syscall for all architectures"
In reply to: Linus Torvalds: "Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering"
Next in thread: david: "Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> It also gets rid of all configuration - one of the things that
> makes most security frameworks (look at selinux, but also just
> ACL's etc) such a crazy rats nest is the whole "set up for other
> processes". If it's designed very much to be about just the "self"
> process (after initialization etc), then I think that avoids pretty
> much all the serious issues.

That's how the event filters work currently: even when inherited they
get removed when exec-ing a setuid task, so they cannot leak into
privileged context and cannot modify execution there.

Inheritance works when requested, covering only same-credential child
tasks, not privileged successors.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: H Hartley Sweeten: "RE: [PATCH 1/5] dmaengine: add ep93xx DMA support"
Previous message: Andi Kleen: "Re: [PATCH 5/5] Hook up sysconf syscall for all architectures"
In reply to: Linus Torvalds: "Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering"
Next in thread: david: "Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]