RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfilte

To:	"Eric Paris" <eparis@redhat.com>, "Ingo Molnar" <mingo@elte.hu>
Subject:	RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
From:	"David Laight" <David.Laight@ACULAB.COM>
Date:	Fri, 13 May 2011 16:29:27 +0100
Cc:	<linux-mips@linux-mips.org>, <linux-sh@vger.kernel.org>, "Peter Zijlstra" <peterz@infradead.org>, "Frederic Weisbecker" <fweisbec@gmail.com>, "Heiko Carstens" <heiko.carstens@de.ibm.com>, "Oleg Nesterov" <oleg@redhat.com>, "David Howells" <dhowells@redhat.com>, "Paul Mackerras" <paulus@samba.org>, "H. PeterAnvin" <hpa@zytor.com>, <sparclinux@vger.kernel.org>, "Jiri Slaby" <jslaby@suse.cz>, <linux-s390@vger.kernel.org>, "Russell King" <linux@arm.linux.org.uk>, <x86@kernel.org>, "James Morris" <jmorris@namei.org>, "Linus Torvalds" <torvalds@linux-foundation.org>, "Ingo Molnar" <mingo@redhat.com>, <kees.cook@canonical.com>, "Serge E. Hallyn" <serge@hallyn.com>, "Steven Rostedt" <rostedt@goodmis.org>, "Tejun Heo" <tj@kernel.org>, "Thomas Gleixner" <tglx@linutronix.de>, <linux-arm-kernel@lists.infradead.org>, "Michal Marek" <mmarek@suse.cz>, "Michal Simek" <monstr@monstr.eu>, "Will Drewry" <wad@chromium.org>, <linuxppc-dev@lists.ozlabs.org>, <linux-kernel@vger.kernel.org>, "Ralf Baechle" <ralf@linux-mips.org>, "Paul Mundt" <lethal@linux-sh.org>, "Martin Schwidefsky" <schwidefsky@de.ibm.com>, <linux390@de.ibm.com>, "Andrew Morton" <akpm@linux-foundation.org>, <agl@chromium.org>, "David S. Miller" <davem@davemloft.net>
In-reply-to:	<1305299880.2076.31.camel@localhost.localdomain>
Original-recipient:	rfc822;linux-mips@linux-mips.org
Sender:	linux-mips-bounce@linux-mips.org
Thread-index:	AcwRgP+uf4p6VPi/TNeaJPKux9Io6gAAKobQ
Thread-topic:	[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering

> ... If you can be completely stateless its easier, but there's
> a reason that stacking security modules is hard.  Serge has tried in
the
> past and both dhowells and casey schaufler are working on it right
now.
> Stacking is never as easy as it sounds   :)

For a bad example of trying to allow alternate security models
look at NetBSD's kauth code :-)

NetBSD also had issues where some 'system call trace' code
was being used to (try to) apply security - unfortunately
it worked by looking at the user-space buffers on system
call entry - and a multithreaded program can easily arrange
to update them after the initial check!
For trace/event type activities this wouldn't really matter,
for security policy it does.
(I've not looked directly at these event points in linux)

        David

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, (continued) Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Thomas Gleixner Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Thomas Gleixner Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Steven Rostedt Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, David Laight <= Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[PATCH] MIPS: AR7: Fix GCC 4.6.0 build error., Alexander Clouter
Next by Date:	Re: [PATCH] MIPS: AR7: Fix GCC 4.6.0 build error., Sergei Shtylyov
Previous by Thread:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris
Next by Thread:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, Ingo Molnar
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[PATCH] MIPS: AR7: Fix GCC 4.6.0 build error., Alexander Clouter

Next by Date:

Re: [PATCH] MIPS: AR7: Fix GCC 4.6.0 build error., Sergei Shtylyov

Previous by Thread:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris

Next by Thread:

Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, Ingo Molnar

Indexes:

[Date] [Thread] [Top] [All Lists]