Re: seccomp vs ptrace

From: Andy Lutomirski
Date: Wed Mar 18 2015 - 17:39:27 EST

Next message: Andrew Morton: "Re: [PATCH V2 3/4] hugetlbfs: accept subpool min_size mount option and setup accordingly"
Previous message: Kees Cook: "Re: seccomp vs ptrace"
In reply to: Andy Lutomirski: "Re: seccomp vs ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Mar 18, 2015 at 2:30 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> Hi,
>
> I'm writing to ask about
>
> The seccomp check will not be run again after the tracer is
> notified. (This means that seccomp-based sandboxes MUST NOT
> allow use of ptrace, even of other sandboxed processes, without
> extreme care; ptracers can use this mechanism to escape.)
>
> This basically means that seccomp cannot be safely used with for instance
> an upstart based container. I've been told that Andy was working on
> changing the order so that ptrace checks would be done before seccomp.
> Is there any update on that? Is it likely to happen? Scrapped?

No, just got stalled because I'm too busy. The code is here:

https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/log/?h=x86/seccomp

but it's not really adequately tested.

>
> thanks,
> -serge

--
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH V2 3/4] hugetlbfs: accept subpool min_size mount option and setup accordingly"
Previous message: Kees Cook: "Re: seccomp vs ptrace"
In reply to: Andy Lutomirski: "Re: seccomp vs ptrace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]