Subject: Re: [PATCH] mm: optionally disable brk()
From: Topi Miettinen
To: David Laight, 'David Hildenbrand', Michal Hocko
Cc: "akpm@linux-foundation.org", "linux-mm@kvack.org", "linux-kernel@vger.kernel.org"
Date: Wed, 7 Oct 2020 12:43:48 +0300

On 5.10.2020 15.25, David Laight wrote:
> From: David Hildenbrand
>> Sent: 05 October 2020 13:19
>>
>> On 05.10.20 13:21, David Laight wrote:
>>> From: David Hildenbrand
>>>> Sent: 05 October 2020 10:55
>>> ...
>>>>> If hardening and compatibility are seen as tradeoffs, perhaps there
>>>>> could be a top level config choice (CONFIG_HARDENING_TRADEOFF) for this.
>>>>> It would have options
>>>>> - "compatibility" (default) to gear questions for maximum compatibility,
>>>>> deselecting any hardening options which reduce compatibility
>>>>> - "hardening" to gear questions for maximum hardening, deselecting any
>>>>> compatibility options which reduce hardening
>>>>> - "none/manual": ask all questions like before
>>>>
>>>> I think the general direction is to avoid an exploding set of config
>>>> options. So if there isn't a *real* demand, I guess gluing this to a
>>>> single option ("CONFIG_SECURITY_HARDENING") might be good enough.
>>>
>>> Wouldn't that be better achieved by run-time clobbering
>>> of the syscall vectors?
>>
>> You mean via something like a boot parameter? Possibly yes.
>
> I was thinking of later.
> Some kind of restricted system might want the 'clobber'
> mount() after everything is running.

Perhaps suitably privileged tasks should be able to install global
seccomp filters which would disregard any NoNewPrivileges requirements
and would apply immediately to all tasks. The boot parameter would be
also nice so that initrd and PID1 would be also restricted. Seccomp
would also allow more specific filtering than messing with the syscall
tables.

-Topi