linux-mips
[Top] [All Lists]

RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfilte

To: "Eric Paris" <eparis@redhat.com>, "Ingo Molnar" <mingo@elte.hu>
Subject: RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
From: "David Laight" <David.Laight@ACULAB.COM>
Date: Fri, 13 May 2011 16:29:27 +0100
Cc: <linux-mips@linux-mips.org>, <linux-sh@vger.kernel.org>, "Peter Zijlstra" <peterz@infradead.org>, "Frederic Weisbecker" <fweisbec@gmail.com>, "Heiko Carstens" <heiko.carstens@de.ibm.com>, "Oleg Nesterov" <oleg@redhat.com>, "David Howells" <dhowells@redhat.com>, "Paul Mackerras" <paulus@samba.org>, "H. PeterAnvin" <hpa@zytor.com>, <sparclinux@vger.kernel.org>, "Jiri Slaby" <jslaby@suse.cz>, <linux-s390@vger.kernel.org>, "Russell King" <linux@arm.linux.org.uk>, <x86@kernel.org>, "James Morris" <jmorris@namei.org>, "Linus Torvalds" <torvalds@linux-foundation.org>, "Ingo Molnar" <mingo@redhat.com>, <kees.cook@canonical.com>, "Serge E. Hallyn" <serge@hallyn.com>, "Steven Rostedt" <rostedt@goodmis.org>, "Tejun Heo" <tj@kernel.org>, "Thomas Gleixner" <tglx@linutronix.de>, <linux-arm-kernel@lists.infradead.org>, "Michal Marek" <mmarek@suse.cz>, "Michal Simek" <monstr@monstr.eu>, "Will Drewry" <wad@chromium.org>, <linuxppc-dev@lists.ozlabs.org>, <linux-kernel@vger.kernel.org>, "Ralf Baechle" <ralf@linux-mips.org>, "Paul Mundt" <lethal@linux-sh.org>, "Martin Schwidefsky" <schwidefsky@de.ibm.com>, <linux390@de.ibm.com>, "Andrew Morton" <akpm@linux-foundation.org>, <agl@chromium.org>, "David S. Miller" <davem@davemloft.net>
In-reply-to: <1305299880.2076.31.camel@localhost.localdomain>
Original-recipient: rfc822;linux-mips@linux-mips.org
Sender: linux-mips-bounce@linux-mips.org
Thread-index: AcwRgP+uf4p6VPi/TNeaJPKux9Io6gAAKobQ
Thread-topic: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
> ... If you can be completely stateless its easier, but there's
> a reason that stacking security modules is hard.  Serge has tried in
the
> past and both dhowells and casey schaufler are working on it right
now.
> Stacking is never as easy as it sounds   :)

For a bad example of trying to allow alternate security models
look at NetBSD's kauth code :-)

NetBSD also had issues where some 'system call trace' code
was being used to (try to) apply security - unfortunately
it worked by looking at the user-space buffers on system
call entry - and a multithreaded program can easily arrange
to update them after the initial check!
For trace/event type activities this wouldn't really matter,
for security policy it does.
(I've not looked directly at these event points in linux)

        David



<Prev in Thread] Current Thread [Next in Thread>