Re: Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?

From: Xi Ruoyao
Date: Wed Feb 21 2024 - 01:37:24 EST

Next message: Kees Cook: "Re: [PATCH] ARM: fault: Implement copy_from_kernel_nofault_allowed()"
Previous message: Stephen Rothwell: "linux-next: Signed-off-by missing for commits in the drm-xe tree"
In reply to: WANG Xuerui: "Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?"
Next in thread: Xi Ruoyao: "Re: Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2024-02-21 at 14:09 +0800, WANG Xuerui wrote:

> - just restore fstat and be done with it;
> - add a flag to statx so we can do the equivalent of just fstat(fd,
> &out) with statx, and ensuring an error happens if path is not empty in
> that case;

It's worse than "just restore fstat" considering the performance. Read
this thread:
https://sourceware.org/pipermail/libc-alpha/2023-September/151320.html

> - tackle the long-standing problem of seccomp deep argument inspection (!).

Frankly I'm never a fan of syscall blocklisting. When I develop the
Online Judge system for the programming contest training in Xidian
University I deliberately avoid using seccomp. This thing is very
likely to break innocent programs with some system change innocent as
well (for example Glibc or libstdc++ update).

--
Xi Ruoyao <xry111@xxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University

Next message: Kees Cook: "Re: [PATCH] ARM: fault: Implement copy_from_kernel_nofault_allowed()"
Previous message: Stephen Rothwell: "linux-next: Signed-off-by missing for commits in the drm-xe tree"
In reply to: WANG Xuerui: "Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?"
Next in thread: Xi Ruoyao: "Re: Chromium sandbox on LoongArch and statx -- seccomp deep argument inspection again?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]