From: Kees Cook <keescook@chromium.org>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [TECH TOPIC] seccomp feature development
Date: Wed, 20 May 2020 11:05:58 -0700 [thread overview]
Message-ID: <202005201104.72FED15776@keescook> (raw)
In-Reply-To: <20200520163102.GZ23230@ZenIV.linux.org.uk>
On Wed, May 20, 2020 at 05:31:02PM +0100, Al Viro wrote:
> On Wed, May 20, 2020 at 09:17:41AM -0700, Kees Cook wrote:
> > As recently outlined[1], there are are a number of seccomp topics that
> > need discussion:
> >
> > - fd passing
> > - deep argument inspection
> > - changing structure sizes
> > - syscall bitmasks
> >
> > Specifically, seccomp needs to grow the ability to inspect Extensible
> > Argument syscalls, which requires that it inspect userspace memory
> > without Time-of-Check/Time-of-Use races and without double-copying.
> > Additionally, since the structures can grow and be nested, there needs
> > to be a way to
>
> ... catch and kill the bullshit ABI "enhancements" that would attempt that
> kind of garbage. I'm not sure why that is seccomp-related, though...
We already have structs passed to syscalls that contain pointers to yet
more structs. Do you mean those should be disallowed? (Personally, I
would love that, but this doesn't seem to match the reality of the
design considerations of those syscalls.)
--
Kees Cook
_______________________________________________
Ksummit-discuss mailing list
Ksummit-discuss@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss
next prev parent reply other threads:[~2020-05-20 18:06 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 16:17 [Ksummit-discuss] [TECH TOPIC] seccomp feature development Kees Cook
2020-05-20 16:31 ` Al Viro
2020-05-20 18:05 ` Kees Cook [this message]
2020-05-20 18:16 ` Al Viro
2020-05-20 18:27 ` Linus Torvalds
2020-05-20 19:04 ` Kees Cook
2020-05-20 19:08 ` Linus Torvalds
2020-05-20 20:24 ` Christian Brauner
2020-05-20 20:52 ` Kees Cook
2020-05-20 21:02 ` Christian Brauner
2020-05-22 4:06 ` Aleksa Sarai
2020-05-22 7:35 ` Christian Brauner
2020-05-22 11:27 ` Christian Brauner
2020-05-20 22:12 ` Alexei Starovoitov
2020-05-20 23:39 ` Kees Cook
2020-05-21 0:43 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202005201104.72FED15776@keescook \
--to=keescook@chromium.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).