From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: ksummit <ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] [TECH TOPIC] seccomp feature development
Date: Wed, 20 May 2020 12:04:04 -0700
Message-ID: <202005201151.AFA3C9E@keescook>
In-Reply-To: <CAHk-=wierGOJZhzrj1+R18id-WdfmK=eWT9YfWdCfMvEO+jLLg@mail.gmail.com>

On Wed, May 20, 2020 at 11:27:03AM -0700, Linus Torvalds wrote:
> Don't make this some kind of abstract conceptual problem thing.
> Because it's not.

I have no intention of making this abstract (the requests for expanding
seccomp coverage have been for only a select class of syscalls, and
specifically clone3 and openat2) nor more complicated than it needs to be
(I regularly resist expanding the seccomp BPF dialect into eBPF).

> So details, please.

We've been discussing it all here:
https://lore.kernel.org/lkml/202005181120.971232B7B@keescook/

The example given in the thread was dealing with things like clone3's
struct clone_args's set_tid member, which is a pointer to a dynamically
sized array.

Things seccomp is NOT expected to introspect due to complexity would be
stuff like the bpf() syscall.

Perhaps the question is "how deeply does seccomp need to inspect?"
and maybe it does not get to see anything beyond just the "top level"
struct (i.e. struct clone_args) and all pointers within THAT become
opaque? That certainly simplifies the design.

--
Kees Cook
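
Added example, not part of the message above and not kernel or seccomp code: a userspace C model of the "top level only" option for clone3. The names shallow_copy, shallow_policy and struct clone_args_top are invented here, the policy is hypothetical, and the struct mirrors the UAPI struct clone_args only through set_tid_size (80 bytes).

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CLONE_NEWUSER 0x10000000ULL /* value from the UAPI <linux/sched.h> */

/* Mirror of the UAPI struct clone_args through set_tid_size (80 bytes). */
struct clone_args_top {
    uint64_t flags, pidfd, child_tid, parent_tid, exit_signal;
    uint64_t stack, stack_size, tls;
    uint64_t set_tid;      /* pointer to a pid_t array: opaque to the filter */
    uint64_t set_tid_size; /* element count: a plain value, visible */
};

/* Copy only the top-level struct, in the style of the kernel's
 * copy_struct_from_user(): short input is zero-extended, longer input is
 * accepted only if the bytes this model does not know about are all zero. */
int shallow_copy(struct clone_args_top *dst, const void *src, size_t usize)
{
    const unsigned char *p = src;
    size_t known = sizeof(*dst), n = usize < known ? usize : known;

    for (size_t i = known; i < usize; i++)
        if (p[i] != 0)
            return -E2BIG;
    memset(dst, 0, known);
    memcpy(dst, p, n);
    return 0;
}

/* Hypothetical policy that decides from top-level scalars only. The set_tid
 * pointer is never dereferenced; set_tid_size alone shows whether the caller
 * is requesting specific PIDs. Returns 0 to allow, -errno to deny. */
int shallow_policy(const void *uargs, size_t usize)
{
    struct clone_args_top a;
    int err = shallow_copy(&a, uargs, usize);

    if (err)
        return err;
    if (a.flags & CLONE_NEWUSER)
        return -EPERM;
    if (a.set_tid_size != 0)
        return -EPERM;
    return 0;
}
```

A policy limited to this view can refuse set_tid outright or allow it blindly, but it cannot allow some requested PIDs and deny others, because the array itself sits behind the opaque pointer.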