From: Steven Rostedt <rostedt@goodmis.org>
To: Andrew Lutomirski <luto@mit.edu>
Cc: Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org, keescook@chromium.org,
john.johansen@canonical.com, serge.hallyn@canonical.com,
coreyb@linux.vnet.ibm.com, pmoore@redhat.com, eparis@redhat.com,
djm@mindrot.org, torvalds@linux-foundation.org,
segoon@openwall.com, jmorris@namei.org, scarybeasts@gmail.com,
avi@redhat.com, penberg@cs.helsinki.fi, viro@zeniv.linux.org.uk,
mingo@elte.hu, akpm@linux-foundation.org, khilman@ti.com,
borislav.petkov@amd.com, amwang@redhat.com, oleg@redhat.com,
ak@linux.intel.com, eric.dumazet@gmail.com, gregkh@suse.de,
dhowells@redhat.com, daniel.lezcano@free.fr,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, olofj@chromium.org,
mhalcrow@google.com, dlaor@redhat.com
Subject: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF
Date: Thu, 12 Jan 2012 11:27:15 -0500 [thread overview]
Message-ID: <1326385635.7642.89.camel@gandalf.stny.rr.com> (raw)
In-Reply-To: <CAObL_7GVo8rH=Knv=t5VtJG24m7tY9MhNf9QNah+8G9oYiXo6g@mail.gmail.com>
On Thu, 2012-01-12 at 08:14 -0800, Andrew Lutomirski wrote:
> The longer I linger on lists and see neat ideas like this, the more I
> get annoyed that execve is magical. I dream of a distribution that
> doesn't use setuid, file capabilities, selinux transitions on exec, or
> any other privilege changes on exec *at all*.
Is that the fear with filtering on execv? That if we have filters on an
execv calling a setuid program that we change the behavior of that
privileged program and might cause unexpected results?
In that case, just have execv fail if filtering is enabled and we are
execing a setuid program. But I don't see why non "magical" execv's
should be prohibited.
-- Steve
next prev parent reply other threads:[~2012-01-12 16:27 UTC|newest]
Thread overview: 235+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-11 17:25 [RFC,PATCH 0/2] dynamic seccomp policies (using BPF filters) Will Drewry
2012-01-11 17:25 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry
2012-01-12 8:53 ` Serge Hallyn
2012-01-12 16:54 ` Will Drewry
2012-01-12 14:50 ` Oleg Nesterov
2012-01-12 16:55 ` Will Drewry
2012-01-12 15:43 ` Steven Rostedt
2012-01-12 16:14 ` Oleg Nesterov
2012-01-12 16:38 ` Steven Rostedt
2012-01-12 16:47 ` Oleg Nesterov
2012-01-12 17:08 ` Will Drewry
2012-01-12 17:30 ` Jamie Lokier
2012-01-12 17:40 ` Steven Rostedt
2012-01-12 17:44 ` Jamie Lokier
2012-01-12 17:56 ` Steven Rostedt
2012-01-12 23:27 ` Alan Cox
2012-01-12 23:38 ` Linus Torvalds
2012-01-12 22:18 ` Will Drewry
2012-01-12 23:00 ` Andrew Lutomirski
2012-01-12 16:14 ` Andrew Lutomirski
2012-01-12 16:27 ` Steven Rostedt [this message]
2012-01-12 16:51 ` Andrew Lutomirski
2012-01-12 17:09 ` Linus Torvalds
2012-01-12 17:17 ` Steven Rostedt
2012-01-12 18:18 ` Andrew Lutomirski
2012-01-12 18:32 ` Linus Torvalds
2012-01-12 18:44 ` Andrew Lutomirski
2012-01-12 19:08 ` Kyle Moffett
2012-01-12 23:05 ` Eric Paris
2012-01-12 23:33 ` Andrew Lutomirski
2012-01-12 19:40 ` Will Drewry
2012-01-12 19:42 ` Will Drewry
2012-01-12 19:46 ` Andrew Lutomirski
2012-01-12 20:00 ` Linus Torvalds
2012-01-12 16:59 ` Will Drewry
2012-01-12 17:22 ` Jamie Lokier
2012-01-12 17:35 ` Will Drewry
2012-01-12 17:57 ` Jamie Lokier
2012-01-12 18:03 ` Will Drewry
2012-01-13 1:34 ` Jamie Lokier
2012-01-13 2:44 ` Indan Zupancic
2012-01-13 6:33 ` Chris Evans
2012-01-12 17:36 ` Jamie Lokier
2012-01-12 16:18 ` Alan Cox
2012-01-12 17:03 ` Will Drewry
2012-01-12 17:11 ` Alan Cox
2012-01-12 17:52 ` Will Drewry
2012-01-13 1:31 ` James Morris
2012-01-12 16:22 ` Oleg Nesterov
2012-01-12 17:10 ` Will Drewry
2012-01-12 17:23 ` Oleg Nesterov
2012-01-12 17:51 ` Will Drewry
2012-01-13 17:31 ` Oleg Nesterov
2012-01-13 19:01 ` Will Drewry
2012-01-13 23:10 ` Will Drewry
2012-01-13 23:12 ` Will Drewry
2012-01-13 23:30 ` Eric Paris
2012-01-15 3:40 ` Indan Zupancic
2012-01-16 1:40 ` Will Drewry
2012-01-16 6:49 ` Indan Zupancic
2012-01-16 20:12 ` Will Drewry
2012-01-17 6:46 ` Indan Zupancic
2012-01-17 17:37 ` Will Drewry
2012-01-18 4:06 ` Indan Zupancic
2012-01-18 4:38 ` Will Drewry
2012-01-17 20:34 ` Kees Cook
2012-01-17 20:42 ` Will Drewry
2012-01-17 21:09 ` Will Drewry
2012-01-18 4:47 ` Indan Zupancic
2012-01-16 18:37 ` Oleg Nesterov
2012-01-16 20:15 ` Will Drewry
2012-01-17 16:45 ` Oleg Nesterov
2012-01-17 16:56 ` Will Drewry
2012-01-17 17:01 ` Andrew Lutomirski
2012-01-17 17:05 ` Oleg Nesterov
2012-01-17 17:45 ` Andrew Lutomirski
2012-01-18 0:56 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Indan Zupancic
2012-01-18 1:01 ` Andrew Lutomirski
2012-01-19 1:06 ` Indan Zupancic
2012-01-19 1:19 ` Andrew Lutomirski
2012-01-19 1:47 ` Indan Zupancic
2012-01-18 1:07 ` Roland McGrath
2012-01-18 1:47 ` Indan Zupancic
2012-01-18 1:48 ` Jamie Lokier
2012-01-18 1:50 ` Andi Kleen
2012-01-18 2:00 ` Steven Rostedt
2012-01-18 2:04 ` Jamie Lokier
2012-01-18 2:22 ` Andi Kleen
2012-01-18 2:25 ` Andrew Lutomirski
2012-01-18 4:22 ` Indan Zupancic
2012-01-18 5:23 ` Linus Torvalds
2012-01-18 6:25 ` Linus Torvalds
2012-01-18 13:12 ` Compat 32-bit syscall entry from 64-bit task!? Indan Zupancic
2012-01-18 19:31 ` Linus Torvalds
2012-01-18 19:36 ` Andi Kleen
2012-01-18 19:39 ` Linus Torvalds
2012-01-18 19:44 ` Andi Kleen
2012-01-18 19:47 ` Linus Torvalds
2012-01-18 19:52 ` Will Drewry
2012-01-18 19:58 ` Will Drewry
2012-01-18 19:41 ` Martin Mares
2012-01-18 19:38 ` Andrew Lutomirski
2012-01-19 16:01 ` Jamie Lokier
2012-01-19 16:13 ` Andrew Lutomirski
2012-01-19 19:21 ` Linus Torvalds
2012-01-19 19:30 ` Andrew Lutomirski
2012-01-19 19:37 ` Linus Torvalds
2012-01-19 19:41 ` Linus Torvalds
2012-01-19 23:54 ` Jamie Lokier
2012-01-20 0:05 ` Linus Torvalds
2012-01-20 15:35 ` Will Drewry
2012-01-20 17:56 ` Roland McGrath
2012-01-20 19:45 ` Will Drewry
2012-01-18 20:26 ` Linus Torvalds
2012-01-18 20:55 ` H. Peter Anvin
2012-01-18 21:01 ` Linus Torvalds
2012-01-18 21:04 ` H. Peter Anvin
2012-01-18 21:21 ` H. Peter Anvin
2012-01-18 21:51 ` Roland McGrath
2012-01-18 21:53 ` H. Peter Anvin
2012-01-18 23:28 ` Linus Torvalds
2012-01-19 0:38 ` H. Peter Anvin
2012-01-20 21:51 ` Denys Vlasenko
2012-01-20 22:40 ` Roland McGrath
2012-01-20 22:41 ` H. Peter Anvin
2012-01-20 23:49 ` Indan Zupancic
2012-01-20 23:55 ` Roland McGrath
2012-01-20 23:58 ` hpanvin@gmail.com
2012-01-23 2:14 ` Indan Zupancic
2012-01-21 0:07 ` Denys Vlasenko
2012-01-21 0:10 ` Roland McGrath
2012-01-21 1:23 ` Jamie Lokier
2012-01-23 2:37 ` Indan Zupancic
2012-01-23 16:48 ` Oleg Nesterov
2012-01-24 8:19 ` Indan Zupancic
2012-02-06 20:30 ` H. Peter Anvin
2012-02-06 20:39 ` Roland McGrath
2012-02-06 20:42 ` H. Peter Anvin
2012-01-18 21:26 ` Linus Torvalds
2012-01-18 21:30 ` H. Peter Anvin
2012-01-18 21:42 ` Linus Torvalds
2012-01-18 21:47 ` H. Peter Anvin
2012-01-19 1:45 ` Indan Zupancic
2012-01-19 2:16 ` H. Peter Anvin
2012-02-06 8:32 ` Indan Zupancic
2012-02-06 17:02 ` H. Peter Anvin
2012-02-07 1:52 ` Indan Zupancic
2012-02-09 0:19 ` H. Peter Anvin
2012-02-09 4:20 ` Indan Zupancic
2012-02-09 4:29 ` H. Peter Anvin
2012-02-09 6:03 ` Indan Zupancic
2012-02-09 14:47 ` H. Peter Anvin
2012-02-09 16:00 ` H.J. Lu
2012-02-10 1:09 ` Indan Zupancic
2012-02-10 1:15 ` H. Peter Anvin
2012-02-10 2:29 ` Indan Zupancic
2012-02-10 2:47 ` H. Peter Anvin
[not found] ` <cc95fcf4b1c28ee6f73e373d04593634.squirrel@webmail.greenhost.nl>
2012-02-10 15:53 ` H. Peter Anvin
2012-02-10 22:42 ` Indan Zupancic
2012-02-10 22:56 ` H. Peter Anvin
2012-02-12 12:07 ` Indan Zupancic
2012-01-25 19:36 ` Oleg Nesterov
2012-01-25 20:20 ` Pedro Alves
2012-01-25 23:36 ` Denys Vlasenko
2012-01-25 23:32 ` Denys Vlasenko
2012-01-26 0:40 ` Indan Zupancic
2012-01-26 1:08 ` Jamie Lokier
2012-01-26 1:22 ` Denys Vlasenko
2012-01-26 6:34 ` Indan Zupancic
2012-01-26 10:31 ` Jamie Lokier
2012-01-26 10:40 ` Denys Vlasenko
2012-01-26 11:01 ` Jamie Lokier
2012-01-26 14:02 ` Denys Vlasenko
2012-01-26 11:19 ` Indan Zupancic
2012-01-26 11:20 ` Indan Zupancic
2012-01-26 11:47 ` Jamie Lokier
2012-01-26 14:05 ` Denys Vlasenko
2012-01-27 7:23 ` Indan Zupancic
2012-02-10 2:02 ` Jamie Lokier
2012-02-10 3:37 ` Indan Zupancic
2012-02-10 21:19 ` Denys Vlasenko
2012-01-26 1:09 ` Denys Vlasenko
2012-01-26 3:47 ` Linus Torvalds
2012-01-26 18:03 ` Denys Vlasenko
2017-03-08 23:41 ` Dmitry V. Levin
2017-03-09 4:39 ` Andrew Lutomirski
2017-03-14 2:57 ` Dmitry V. Levin
2012-01-26 5:57 ` Indan Zupancic
2012-01-26 0:59 ` Jamie Lokier
2012-01-26 1:21 ` Denys Vlasenko
2012-01-26 8:23 ` Pedro Alves
2012-01-26 8:53 ` Denys Vlasenko
2012-01-26 9:51 ` Pedro Alves
2012-01-26 18:44 ` Oleg Nesterov
2012-02-10 2:51 ` Jamie Lokier
2012-01-18 15:04 ` Compat 32-bit syscall entry from 64-bit task!? [was: Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF] Eric Paris
2012-01-18 17:51 ` Linus Torvalds
2012-01-18 5:43 ` Chris Evans
2012-01-18 12:12 ` Indan Zupancic
2012-01-18 21:13 ` Chris Evans
2012-01-19 0:14 ` Indan Zupancic
2012-01-19 8:16 ` Chris Evans
2012-01-19 11:34 ` Indan Zupancic
2012-01-19 16:11 ` Jamie Lokier
2012-01-19 15:40 ` Jamie Lokier
2012-01-18 17:00 ` Oleg Nesterov
2012-01-18 17:12 ` Oleg Nesterov
2012-01-18 21:09 ` Chris Evans
2012-01-23 16:56 ` Oleg Nesterov
2012-01-23 22:23 ` Chris Evans
2012-02-07 11:45 ` Indan Zupancic
2012-01-19 0:29 ` Indan Zupancic
2012-01-18 2:27 ` Linus Torvalds
2012-01-18 2:31 ` Andi Kleen
2012-01-18 2:46 ` Linus Torvalds
2012-01-18 14:06 ` Martin Mares
2012-01-18 18:24 ` Andi Kleen
2012-01-19 16:04 ` Jamie Lokier
2012-01-20 0:21 ` Indan Zupancic
2012-01-20 0:53 ` Linus Torvalds
2012-01-20 2:02 ` Indan Zupancic
2012-01-17 17:06 ` [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF Will Drewry
2012-01-17 19:35 ` Will Drewry
2012-01-12 17:02 ` Andrew Lutomirski
2012-01-16 20:28 ` Will Drewry
2012-01-11 17:25 ` [RFC,PATCH 2/2] Documentation: prctl/seccomp_filter Will Drewry
2012-01-11 20:03 ` Jonathan Corbet
2012-01-11 20:10 ` Will Drewry
2012-01-11 23:19 ` [PATCH v2 " Will Drewry
2012-01-12 0:29 ` Will Drewry
2012-01-12 18:16 ` Randy Dunlap
2012-01-12 17:23 ` Will Drewry
2012-01-12 17:34 ` Steven Rostedt
2012-01-12 13:13 ` [RFC,PATCH " Łukasz Sowa
2012-01-12 17:25 ` Will Drewry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1326385635.7642.89.camel@gandalf.stny.rr.com \
--to=rostedt@goodmis.org \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=amwang@redhat.com \
--cc=avi@redhat.com \
--cc=borislav.petkov@amd.com \
--cc=coreyb@linux.vnet.ibm.com \
--cc=daniel.lezcano@free.fr \
--cc=dhowells@redhat.com \
--cc=djm@mindrot.org \
--cc=dlaor@redhat.com \
--cc=eparis@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=gregkh@suse.de \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=khilman@ti.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@mit.edu \
--cc=mhalcrow@google.com \
--cc=mingo@elte.hu \
--cc=oleg@redhat.com \
--cc=olofj@chromium.org \
--cc=penberg@cs.helsinki.fi \
--cc=pmoore@redhat.com \
--cc=scarybeasts@gmail.com \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).