Re: [PATCH] seccomp: plug syscall-dodging ptrace hole

From: Kees Cook
Date: Wed Jun 01 2016 - 23:04:10 EST

On Fri, May 27, 2016 at 1:14 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Fri, May 27, 2016 at 12:52 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>>> Right, I know, it's aesthetically much nicer that way, but I really
>>> want to stay totally paranoid and keep seccomp absolutely first on the
>>> path.
>>> How about this: we'll use this patch as-is for now, since I'd like to
>>> be able to start getting feedback from the container-using folks ASAP,
>>> and then we can redesign the 2-phase system going forward from there.
>> I think I'd rather change the ABI as few times as possible. On the
>> other hand, it's still early, and I see nothing wrong with adding it
>> to -next.
> To get the ball rolling:
> It's incomplete, but it should be straightforward to finish it. The
> only interesting bit is dealing with SECCOMP_RET_TRACE.

I did a bit more from there (though it needs further cleanup, I see my
"const" fixes landed in the wrong patch), this passes my tests on x86,
the other architectures need reordering and testing:


Kees Cook
Chrome OS & Brillo Security