Re: [PATCH 5/9] sched: prctl() core-scheduling interface

From: Joel Fernandes
Date: Sat Apr 17 2021 - 23:53:41 EST

On Wed, Apr 07, 2021 at 07:00:33PM +0200, Peter Zijlstra wrote:
> On Thu, Apr 01, 2021 at 03:10:17PM +0200, Peter Zijlstra wrote:
> > Current hard-coded policies are:
> >
> > - a user can clear the cookie of any process they can set a cookie for.
> > Lack of a cookie *might* be a security issue if cookies are being used
> > for that.
> ChromeOS people, what are you doing about this? syscall/prctl filtering?

Yes, in ChromeOS, we allow the prctl(2) syscall only before entering the
seccomp sandbox. Once we enter the sandbox, we do not allow the prctl(2).

This has the nice design that the security is enforced on entering the
sandbox, and prior to entering the sandbox, no permissions need be given.

Let me know if that makes sense and if you had any other questions. thanks,