Re: secure computing for 2.6.7

[Alan Cox]

On Llu, 2004-08-02 at 00:10, Andrea Arcangeli wrote:
> On Sun, Aug 01, 2004 at 09:45:14PM +0100, Alan Cox wrote:
> > You can already do all of this using several user space applications
> > that manage it via ptrace. They do have a performance hit however.
> 
> the tracer can be killed by oom due some other random app in the
> machine, plus SIGCHLD may confuse the tracer, then it needs to know
> about arch details again (like the bitmap), and the whole ptrace
> infastructure is a lot more complicate and in turn less secure. syscall
> performance is the last worry (at least for my usage).

syscall performance is something the other 99.99% of users not using the
feature will care about however. 

One of the things that you can sensibly do I think which will also avoid
a performance hit is to use the same kernel path as strace and friends
do for syscall tracing but capture and verify the syscall in kernel mode
rather than trapping back out. That will at least keep the usual fast
path unharmed by the security toys.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/