Re: [RFC PATCH 0/3] move the secure_computing call

From: James Morris
Date: Thu May 24 2012 - 19:41:07 EST


On Thu, 24 May 2012, Will Drewry wrote:

> As is, the biggest benefit of this change is just setting consistent
> expectations in what the ptrace/seccomp interactions should be. The
> current ability for ptrace to "bypass" secure computing (by remapping
> allowed system calls) is not necessarily a problem, but it is not
> necessarily intuitive behavior.

Indeed -- while the purpose of seccomp is to reduce the attack surface of
the syscall interface, if a user allows ptrace, attackers will definitely
see that as an attack vector, if it allows them to increase that attack
surface.

It at least needs to be well-documented.

--
James Morris
<jmorris@xxxxxxxxx>