|
Message-ID: <CACLa4puRJLUd6hAHO6zFYiqa5dFVum8eLmNMk_ef+=r8OGhjRg@mail.gmail.com> Date: Mon, 21 May 2012 14:21:57 -0400 From: Eric Paris <netdev@...isplace.org> To: Will Drewry <wad@...omium.org> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, kernel-hardening@...ts.openwall.com, hpa@...or.com, mingo@...hat.com, oleg@...hat.com, peterz@...radead.org, rdunlap@...otime.net, mcgrathr@...omium.org, tglx@...utronix.de, luto@....edu, eparis@...hat.com, serge.hallyn@...onical.com, indan@....nu, pmoore@...hat.com, akpm@...ux-foundation.org, corbet@....net, eric.dumazet@...il.com, markus@...omium.org, coreyb@...ux.vnet.ibm.com, keescook@...omium.org Subject: seccomp and ptrace. what is the correct order? Viro ask me a question today and I didn't have a good answer. Lets assume I set a seccomp filter that will allow read and will deny/kill ioctl. If something else is tracing me I could call read. The read will pass the seccomp hook and move onto the ptrace hook. The tracer could then change the syscall number to ioctl and I would then actually perform an ioctl. Is that what we want? Do we want to do the permission check based on what a process ask at syscall enter or do we want to do the permission check based on what the kernel is actually going to do on behalf of the process? Does the question make sense? -Eric
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.