seccomp and ptrace. what is the correct order?

From: Eric Paris
Date: Mon May 21 2012 - 14:21:57 EST

Next message: Konrad Rzeszutek Wilk: "Re: [Xen-devel] swap: don't do discard if no discard option added"
Previous message: John Stultz: "Re: [PATCH RFC V2 5/6] time: move leap second management into timekeeping core"
Next in thread: Roland McGrath: "Re: seccomp and ptrace. what is the correct order?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Viro ask me a question today and I didn't have a good answer.

Lets assume I set a seccomp filter that will allow read and will
deny/kill ioctl. If something else is tracing me I could call read.
The read will pass the seccomp hook and move onto the ptrace hook.
The tracer could then change the syscall number to ioctl and I would
then actually perform an ioctl.

Is that what we want? Do we want to do the permission check based on
what a process ask at syscall enter or do we want to do the permission
check based on what the kernel is actually going to do on behalf of
the process?

Does the question make sense?

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Konrad Rzeszutek Wilk: "Re: [Xen-devel] swap: don't do discard if no discard option added"
Previous message: John Stultz: "Re: [PATCH RFC V2 5/6] time: move leap second management into timekeeping core"
Next in thread: Roland McGrath: "Re: seccomp and ptrace. what is the correct order?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]