Re: [RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits

From: Jarkko Sakkinen
Date: Fri Jul 05 2024 - 18:22:31 EST

Next message: David Heidelberg: "[PATCH v7] dt-bindings: iommu: Convert msm,iommu-v0 to yaml"
Previous message: Mirsad Todorovac: "[PROBLEM net-next] drivers/pnp/pnpbios/core.c:90:20: error: variable ‘value’ set but not used [-Werror=unused-but-set-variable]"
In reply to: Kees Cook: "Re: [RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits"
Next in thread: Mickaël Salaün: "Re: [RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat Jul 6, 2024 at 12:44 AM EEST, Kees Cook wrote:
> > As explained in the UAPI comments, all parent processes need to be
> > trusted. This meeans that their code is trusted, their seccomp filters
> > are trusted, and that they are patched, if needed, to check file
> > executability.
>
> But we have launchers that apply arbitrary seccomp policy, e.g. minijail
> on Chrome OS, or even systemd on regular distros. In theory, this should
> be handled via other ACLs.

Or a regular web browser? AFAIK seccomp filtering was the tool to make
secure browser tabs in the first place.

BR, Jarkko

Next message: David Heidelberg: "[PATCH v7] dt-bindings: iommu: Convert msm,iommu-v0 to yaml"
Previous message: Mirsad Todorovac: "[PROBLEM net-next] drivers/pnp/pnpbios/core.c:90:20: error: variable ‘value’ set but not used [-Werror=unused-but-set-variable]"
In reply to: Kees Cook: "Re: [RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits"
Next in thread: Mickaël Salaün: "Re: [RFC PATCH v19 2/5] security: Add new SHOULD_EXEC_CHECK and SHOULD_EXEC_RESTRICT securebits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]