Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

From: david
Date: Thu May 26 2011 - 15:06:22 EST


On Thu, 26 May 2011, Ingo Molnar wrote:

> * Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> It also gets rid of all configuration - one of the things that
>> makes most security frameworks (look at selinux, but also just
>> ACL's etc) such a crazy rats nest is the whole "set up for other
>> processes". If it's designed very much to be about just the "self"
>> process (after initialization etc), then I think that avoids pretty
>> much all the serious issues.
>
> That's how the event filters work currently: even when inherited they
> get removed when exec-ing a setuid task, so they cannot leak into
> privileged context and cannot modify execution there.
>
> Inheritance works when requested, covering only same-credential child
> tasks, not privileged successors.

This is a very reasonable default, but there should be some way of saying that you want the restrictions to carry over to the suid task (an "I really know what I'm doing" switch).

David Lang