From: Andy Lutomirski
Subject: Re: [PATCH] seccomp: Add pkru into seccomp_data
Date: Thu, 25 Oct 2018 17:49:20 -0700
Message-ID: <7DC76493-28C9-4CAA-9262-E809F52459DB@amacapital.net>
References: <20181024153523.10974-1-msammler@mpi-sws.org> <87zhv3nrr0.fsf@oldenburg.str.redhat.com> <11a706bd-060f-41de-118b-bababfd83b3d@mpi-sws.org> <875zxqo0ee.fsf@oldenburg.str.redhat.com>
To: Kees Cook
Cc: Florian Weimer, Will Drewry, Linux API, linuxram@us.ibm.com, Michael Sammler, linuxppc-dev
List-Id: linux-api@vger.kernel.org

> On Oct 25, 2018, at 5:35 PM, Kees Cook wrote:
>
>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski wrote:
>> You could bite the bullet and add seccomp eBPF support :)
>
> I'm not convinced this is a good enough reason for gaining the eBPF
> attack surface yet.
>
>

Is it an interesting attack surface? It’s certainly scarier if you’re worried about attacks from the sandbox creator, but the security inside the sandbox should be more or less equivalent, no?