Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120227171132.GB10608@redhat.com>
Date: Mon, 27 Feb 2012 18:11:32 +0100
From: Oleg Nesterov <oleg@...hat.com>
To: Will Drewry <wad@...omium.org>
Cc: linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
        linux-doc@...r.kernel.org, kernel-hardening@...ts.openwall.com,
        netdev@...r.kernel.org, x86@...nel.org, arnd@...db.de,
        davem@...emloft.net, hpa@...or.com, mingo@...hat.com,
        peterz@...radead.org, rdunlap@...otime.net, mcgrathr@...omium.org,
        tglx@...utronix.de, luto@....edu, eparis@...hat.com,
        serge.hallyn@...onical.com, djm@...drot.org, scarybeasts@...il.com,
        indan@....nu, pmoore@...hat.com, akpm@...ux-foundation.org,
        corbet@....net, eric.dumazet@...il.com, markus@...omium.org,
        coreyb@...ux.vnet.ibm.com, keescook@...omium.org
Subject: Re: [PATCH v11 07/12] seccomp: add SECCOMP_RET_ERRNO

On 02/24, Will Drewry wrote:
>
>  static u32 seccomp_run_filters(int syscall)
>  {
>  	struct seccomp_filter *f;
> -	u32 ret = SECCOMP_RET_KILL;
>  	static const struct bpf_load_fn fns = {
>  		bpf_load,
>  		sizeof(struct seccomp_data),
>  	};
> +	u32 ret = SECCOMP_RET_ALLOW;
>  	const void *sc_ptr = (const void *)(uintptr_t)syscall;
>  
> +	/* Ensure unexpected behavior doesn't result in failing open. */
> +	if (unlikely(current->seccomp.filter == NULL))
> +		ret = SECCOMP_RET_KILL;

Is "seccomp.filter == NULL" really possible?

Oleg.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.