From: Topi Miettinen <toiwoton@gmail.com>
To: David Laight <David.Laight@ACULAB.COM>,
'David Hildenbrand' <david@redhat.com>,
Michal Hocko <mhocko@suse.com>
Cc: "akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] mm: optionally disable brk()
Date: Wed, 7 Oct 2020 12:43:48 +0300 [thread overview]
Message-ID: <b5c9bf5d-5857-8131-82af-6611d2b7d592@gmail.com> (raw)
In-Reply-To: <23ca06acdfb44b76892857f9e9871241@AcuMS.aculab.com>
On 5.10.2020 15.25, David Laight wrote:
> From: David Hildenbrand
>> Sent: 05 October 2020 13:19
>>
>> On 05.10.20 13:21, David Laight wrote:
>>> From: David Hildenbrand
>>>> Sent: 05 October 2020 10:55
>>> ...
>>>>> If hardening and compatibility are seen as tradeoffs, perhaps there
>>>>> could be a top level config choice (CONFIG_HARDENING_TRADEOFF) for this.
>>>>> It would have options
>>>>> - "compatibility" (default) to gear questions for maximum compatibility,
>>>>> deselecting any hardening options which reduce compatibility
>>>>> - "hardening" to gear questions for maximum hardening, deselecting any
>>>>> compatibility options which reduce hardening
>>>>> - "none/manual": ask all questions like before
>>>>
>>>> I think the general direction is to avoid an exploding set of config
>>>> options. So if there isn't a *real* demand, I guess gluing this to a
>>>> single option ("CONFIG_SECURITY_HARDENING") might be good enough.
>>>
>>> Wouldn't that be better achieved by run-time clobbering
>>> of the syscall vectors?
>>
>> You mean via something like a boot parameter? Possibly yes.
>
> I was thinking of later.
> Some kind of restricted system might want the 'clobber'
> mount() after everything is running.
Perhaps suitably privileged tasks should be able to install global
seccomp filters which would disregard any NoNewPrivileges requirements
and would apply immediately to all tasks. The boot parameter would be
also nice so that initrd and PID1 would be also restricted. Seccomp
would also allow more specific filtering than messing with the syscall
tables.
-Topi
next prev parent reply other threads:[~2020-10-07 9:43 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-02 17:19 [PATCH] mm: optionally disable brk() Topi Miettinen
2020-10-02 17:52 ` David Hildenbrand
2020-10-02 21:19 ` David Laight
2020-10-02 21:44 ` Topi Miettinen
2020-10-05 6:12 ` Michal Hocko
2020-10-05 8:11 ` Topi Miettinen
2020-10-05 8:22 ` Michal Hocko
2020-10-05 9:03 ` Topi Miettinen
2020-10-05 14:12 ` Jonathan Corbet
2020-10-05 16:14 ` Topi Miettinen
2020-10-05 9:13 ` David Hildenbrand
2020-10-05 9:20 ` Michal Hocko
2020-10-05 9:47 ` Topi Miettinen
2020-10-05 9:55 ` David Hildenbrand
2020-10-05 11:21 ` David Laight
2020-10-05 12:18 ` David Hildenbrand
2020-10-05 12:25 ` David Laight
2020-10-07 9:43 ` Topi Miettinen [this message]
2020-11-01 11:41 ` Topi Miettinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b5c9bf5d-5857-8131-82af-6611d2b7d592@gmail.com \
--to=toiwoton@gmail.com \
--cc=David.Laight@ACULAB.COM \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).