Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfilte

To:	David Laight <David.Laight@ACULAB.COM>
Subject:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
From:	Ingo Molnar <mingo@elte.hu>
Date:	Mon, 16 May 2011 14:03:02 +0200
Cc:	Eric Paris <eparis@redhat.com>, linux-mips@linux-mips.org, linux-sh@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>, Frederic Weisbecker <fweisbec@gmail.com>, Heiko Carstens <heiko.carstens@de.ibm.com>, Oleg Nesterov <oleg@redhat.com>, David Howells <dhowells@redhat.com>, Paul Mackerras <paulus@samba.org>, "H. PeterAnvin" <hpa@zytor.com>, sparclinux@vger.kernel.org, Jiri Slaby <jslaby@suse.cz>, linux-s390@vger.kernel.org, Russell King <linux@arm.linux.org.uk>, x86@kernel.org, James Morris <jmorris@namei.org>, Linus Torvalds <torvalds@linux-foundation.org>, Ingo Molnar <mingo@redhat.com>, kees.cook@canonical.com, "Serge E. Hallyn" <serge@hallyn.com>, Steven Rostedt <rostedt@goodmis.org>, Tejun Heo <tj@kernel.org>, Thomas Gleixner <tglx@linutronix.de>, linux-arm-kernel@lists.infradead.org, Michal Marek <mmarek@suse.cz>, Michal Simek <monstr@monstr.eu>, Will Drewry <wad@chromium.org>, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Ralf Baechle <ralf@linux-mips.org>, Paul Mundt <lethal@linux-sh.org>, Martin Schwidefsky <schwidefsky@de.ibm.com>, linux390@de.ibm.com, Andrew Morton <akpm@linux-foundation.org>, agl@chromium.org, "David S. Miller" <davem@davemloft.net>
In-reply-to:	<AE90C24D6B3A694183C094C60CF0A2F6D8AD37@saturn3.aculab.com>
Original-recipient:	rfc822;linux-mips@linux-mips.org
References:	<1305299880.2076.31.camel@localhost.localdomain> <AE90C24D6B3A694183C094C60CF0A2F6D8AD37@saturn3.aculab.com>
Sender:	linux-mips-bounce@linux-mips.org
User-agent:	Mutt/1.5.20 (2009-08-17)

* David Laight <David.Laight@ACULAB.COM> wrote:

> [...] unfortunately it worked by looking at the user-space buffers on system 
> call entry - and a multithreaded program can easily arrange to update them 
> after the initial check! [...]

Such problems of reliability/persistency of security checks is exactly one of 
my arguments why this should not be limited to the syscall boundary, if you 
read the example i have provided in this discussion.

Thanks,

        Ingo

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, (continued) Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Thomas Gleixner Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Steven Rostedt Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, David Laight Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, Ingo Molnar <= Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Peter Zijlstra Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Eric Paris Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Will Drewry Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar

Previous by Date:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar
Next by Date:	Re: reference to non-existent CONFIG_HAVE_GPIO_LIB variable?, Manuel Lauss
Previous by Thread:	RE: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering, David Laight
Next by Thread:	Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering, Ingo Molnar
Indexes:	[Date] [Thread] [Top] [All Lists]