Re: secure computing for 2.6.7

From: chris
Date: Sun Aug 01 2004 - 07:02:16 EST

Next message: Giuliano Pochini: "SCSI removable devices problem"
Previous message: Jesper Juhl: "[PATCH] fix gcc 3.4 inlining errors in drivers/scsi/dc395x.c"
In reply to: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Next in thread: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 1 Aug 2004, Andrea Arcangeli wrote:

> sounds like yes. However what I'm doing with the seccomp [2] mode is
> much order of magnitude simpler and less generic, so I don't expect it
> will be useful to many apps. When you mention in your document that

Hi Andrea,

Do you have plans to generalize seccomp into somelike like a "syscall
firewall"? This _would_ be useful to many apps, and provide good security
benefits - for example, vsftpd does not need most of the previously-buggy
syscalls such as sysctl(), mremap() and execve(). But it does need more
than just read(), write() and exit()!

Cheers
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Giuliano Pochini: "SCSI removable devices problem"
Previous message: Jesper Juhl: "[PATCH] fix gcc 3.4 inlining errors in drivers/scsi/dc395x.c"
In reply to: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Next in thread: Andrea Arcangeli: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]