Re: seccomp vs ptrace

From: Andy Lutomirski
Date: Wed Mar 18 2015 - 17:39:27 EST


On Wed, Mar 18, 2015 at 2:30 PM, Serge E. Hallyn <serge@xxxxxxxxxx> wrote:
> Hi,
>
> I'm writing to ask about
>
> The seccomp check will not be run again after the tracer is
> notified. (This means that seccomp-based sandboxes MUST NOT
> allow use of ptrace, even of other sandboxed processes, without
> extreme care; ptracers can use this mechanism to escape.)
>
> This basically means that seccomp cannot be safely used with for instance
> an upstart based container. I've been told that Andy was working on
> changing the order so that ptrace checks would be done before seccomp.
> Is there any update on that? Is it likely to happen? Scrapped?

No, just got stalled because I'm too busy. The code is here:

https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/log/?h=x86/seccomp

but it's not really adequately tested.

>
> thanks,
> -serge



--
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/