Re: Compat 32-bit syscall entry from 64-bit task!?

From: Martin Mares
Date: Wed Jan 18 2012 - 14:41:23 EST

Next message: Stephen Warren: "RE: Pinmux bindings proposal"
Previous message: Linus Torvalds: "Re: Compat 32-bit syscall entry from 64-bit task!?"
In reply to: Will Drewry: "Re: Compat 32-bit syscall entry from 64-bit task!?"
Next in thread: Andrew Lutomirski: "Re: Compat 32-bit syscall entry from 64-bit task!?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

> The real fix is really to use a LSM for custom jails. Trying to make
> ptrace secure is trying to make a sieve wather tight by plugging the individual
> holes one by one. It's simply not suitable for this.

As long as the set of syscalls which are permitted is trivial,
it should be secure and much easier than writing a custom LSM.

Regardless, having working strace would be nice.

Have a nice fortnight
--
Martin `MJ' Mares <mj@xxxxxx> http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Never send to know for whom the bell tolls: it tolls for thee." -- John Donne
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Warren: "RE: Pinmux bindings proposal"
Previous message: Linus Torvalds: "Re: Compat 32-bit syscall entry from 64-bit task!?"
In reply to: Will Drewry: "Re: Compat 32-bit syscall entry from 64-bit task!?"
Next in thread: Andrew Lutomirski: "Re: Compat 32-bit syscall entry from 64-bit task!?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]