Re: seccomp for 2.6.11-rc1-bk8

From: Ingo Molnar
Date: Fri Jan 21 2005 - 07:06:12 EST

Next message: Bodo Eggert: "Re: 2.4: "access beyond end of device" after ext2 mount"
Previous message: Rodney McDonell: "kern:2.6.8, no cpufreq in sysfs"
In reply to: Andrea Arcangeli: "seccomp for 2.6.11-rc1-bk8"
Next in thread: Ingo Molnar: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andrea Arcangeli <andrea@xxxxxxxxxxxx> wrote:

> This is the seccomp patch ported to 2.6.11-rc1-bk8, that I need for
> Cpushare (until trusted computing will hit the hardware market).
> [...]

why do you need any kernel code for this? This seems to be a limited
ptrace implementation: restricting untrusted userspace code to only be
able to exec read/write/sigreturn.

So this patch, unless i'm missing something, duplicates in essence what
ptrace can do already here and today, on any Linux box, on any CPU. You
can implement your client based on ptrace alone, just like UML does it -
and UML has much more complex needs than secure isolation.

ptrace ought to be perfectly fine for this, it traps every attempt to do
something privileged. [ptrace had its share of security problems but
_not_ many (if any at all) security problems that allowed a ptrace
client to _break out_ of a ptrace jail.]

Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bodo Eggert: "Re: 2.4: "access beyond end of device" after ext2 mount"
Previous message: Rodney McDonell: "kern:2.6.8, no cpufreq in sysfs"
In reply to: Andrea Arcangeli: "seccomp for 2.6.11-rc1-bk8"
Next in thread: Ingo Molnar: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]