From: ebiederm@xmission.com (Eric W. Biederman)
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-arch <linux-arch@vger.kernel.org>,
Paul Eggert <eggert@cs.ucla.edu>,
Andrew Morton <akpm@linux-foundation.org>,
Arnd Bergmann <arnd@arndb.de>,
y2038 Mailman List <y2038@lists.linaro.org>,
Linux API <linux-api@vger.kernel.org>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Deepa Dinamani <deepa.kernel@gmail.com>,
Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-alpha@vger.kernel.org, Matt Turner <mattst88@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH v2 2/2] rusage: allow 64-bit times ru_utime/ru_stime
Date: Sun, 24 Jun 2018 20:26:08 -0500 [thread overview]
Message-ID: <87y3f31wsv.fsf@xmission.com> (raw)
In-Reply-To: <20180624071258.GB29407@gmail.com> (Ingo Molnar's message of "Sun, 24 Jun 2018 09:12:58 +0200")
Ingo Molnar <mingo@kernel.org> writes:
> * Eric W. Biederman <ebiederm@xmission.com> wrote:
>
>> The trouble with attributes is that means you can't filter your system
>> call arguments with seccomp. [...]
>
> There's nothing keeping seccomp from securely fetching those arguments and
> extending filtering to them as well ...
>
> Allowing that would make sense for a lot of other system calls as
> well.
Possibly. The challenge is that if the fetch for the kernel to use
those arguments is different from the fetch of seccomp to test those
arguments you have a time of test vs time of use race.
Given the location of the seccomp hook at the kernel user space border
there is no easy way for seccomp to share the fetch with the system
call itself.
So I don't see how seccomp could perform the fetch securely.
Eric
_______________________________________________
Y2038 mailing list
Y2038@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/y2038
next prev parent reply other threads:[~2018-06-25 1:26 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-20 12:05 [PATCH v2 1/2] y2038: rusage: Use __kernel_old_timeval for process times Arnd Bergmann
2018-04-20 12:05 ` [PATCH v2 2/2] rusage: allow 64-bit times ru_utime/ru_stime Arnd Bergmann
2018-06-21 15:49 ` Ingo Molnar
2018-06-21 16:01 ` Arnd Bergmann
2018-06-21 16:11 ` Ingo Molnar
2018-06-21 16:25 ` Arnd Bergmann
2018-06-22 2:16 ` Ingo Molnar
2018-06-22 17:45 ` Eric W. Biederman
2018-06-24 7:12 ` Ingo Molnar
2018-06-25 1:26 ` Eric W. Biederman [this message]
2018-06-25 9:14 ` Ingo Molnar
2018-06-25 16:21 ` Eric W. Biederman
2018-06-25 11:42 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3f31wsv.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=deepa.kernel@gmail.com \
--cc=eggert@cs.ucla.edu \
--cc=ink@jurassic.park.msu.ru \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=mattst88@gmail.com \
--cc=mingo@kernel.org \
--cc=rth@twiddle.net \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
--cc=y2038@lists.linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).