From: Kees Cook <keescook@chromium.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [TECH TOPIC] seccomp feature development
Date: Wed, 20 May 2020 11:05:58 -0700 [thread overview]
Message-ID: <202005201104.72FED15776@keescook> (raw)
In-Reply-To: <20200520163102.GZ23230@ZenIV.linux.org.uk>
On Wed, May 20, 2020 at 05:31:02PM +0100, Al Viro wrote:
> On Wed, May 20, 2020 at 09:17:41AM -0700, Kees Cook wrote:
> > As recently outlined[1], there are are a number of seccomp topics that
> > need discussion:
> >
> > - fd passing
> > - deep argument inspection
> > - changing structure sizes
> > - syscall bitmasks
> >
> > Specifically, seccomp needs to grow the ability to inspect Extensible
> > Argument syscalls, which requires that it inspect userspace memory
> > without Time-of-Check/Time-of-Use races and without double-copying.
> > Additionally, since the structures can grow and be nested, there needs
> > to be a way to
>
> ... catch and kill the bullshit ABI "enhancements" that would attempt that
> kind of garbage. I'm not sure why that is seccomp-related, though...
We already have structs passed to syscalls that contain pointers to yet
more structs. Do you mean those should be disallowed? (Personally, I
would love that, but this doesn't seem to match the reality of the
design considerations of those syscalls.)
--
Kees Cook
_______________________________________________
Ksummit-discuss mailing list
Ksummit-discuss@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss
next prev parent reply other threads:[~2020-05-20 18:06 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 16:17 [Ksummit-discuss] [TECH TOPIC] seccomp feature development Kees Cook
2020-05-20 16:31 ` Al Viro
2020-05-20 18:05 ` Kees Cook [this message]
2020-05-20 18:16 ` Al Viro
2020-05-20 18:27 ` Linus Torvalds
2020-05-20 19:04 ` Kees Cook
2020-05-20 19:08 ` Linus Torvalds
2020-05-20 20:24 ` Christian Brauner
2020-05-20 20:52 ` Kees Cook
2020-05-20 21:02 ` Christian Brauner
2020-05-22 4:06 ` Aleksa Sarai
2020-05-22 7:35 ` Christian Brauner
2020-05-22 11:27 ` Christian Brauner
2020-05-20 22:12 ` Alexei Starovoitov
2020-05-20 22:12 ` Alexei Starovoitov
2020-05-20 23:39 ` Kees Cook
2020-05-20 23:39 ` Kees Cook
2020-05-21 0:43 ` Alexei Starovoitov
2020-05-21 0:43 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202005201104.72FED15776@keescook \
--to=keescook@chromium.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.