Re: ANN: libseccomp

From: Kees Cook
Date: Mon Apr 09 2012 - 15:16:29 EST

Next message: Larry Finger: "Re: oops on rmmod of rtl8192ce"
Previous message: Williams, Dan J: "Re: [PATCH v2 1/4] of_serial: add support for setup quirks"
In reply to: Paul Moore: "ANN: libseccomp"
Next in thread: Paul Moore: "Re: ANN: libseccomp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 9, 2012 at 11:58 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> With the seccomp patches finally stabilizing a bit, it seems like now is a
> good time to announce libseccomp: a library designed to make it easier to
> create complex, architecture independent seccomp filters.
>
> * http://sourceforge.net/projects/libseccomp/
> * git clone git://git.code.sf.net/p/libseccomp/libseccomp

This looks really great; nice work!

I see that the arch check happens during _gen_bpf_build_bpf(), which
is excellent. Do you have any thoughts about including a call to
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) by default as well?

-Kees

--
Kees Cook
ChromeOS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Larry Finger: "Re: oops on rmmod of rtl8192ce"
Previous message: Williams, Dan J: "Re: [PATCH v2 1/4] of_serial: add support for setup quirks"
In reply to: Paul Moore: "ANN: libseccomp"
Next in thread: Paul Moore: "Re: ANN: libseccomp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]