Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACLa4puRJLUd6hAHO6zFYiqa5dFVum8eLmNMk_ef+=r8OGhjRg@mail.gmail.com>
Date: Mon, 21 May 2012 14:21:57 -0400
From: Eric Paris <netdev@...isplace.org>
To: Will Drewry <wad@...omium.org>
Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, 
	kernel-hardening@...ts.openwall.com, hpa@...or.com, mingo@...hat.com, 
	oleg@...hat.com, peterz@...radead.org, rdunlap@...otime.net, 
	mcgrathr@...omium.org, tglx@...utronix.de, luto@....edu, eparis@...hat.com, 
	serge.hallyn@...onical.com, indan@....nu, pmoore@...hat.com, 
	akpm@...ux-foundation.org, corbet@....net, eric.dumazet@...il.com, 
	markus@...omium.org, coreyb@...ux.vnet.ibm.com, keescook@...omium.org
Subject: seccomp and ptrace. what is the correct order?

Viro ask me a question today and I didn't have a good answer.

Lets assume I set a seccomp filter that will allow read and will
deny/kill ioctl.  If something else is tracing me I could call read.
The read will pass the seccomp hook and move onto the ptrace hook.
The tracer could then change the syscall number to ioctl and I would
then actually perform an ioctl.

Is that what we want?  Do we want to do the permission check based on
what a process ask at syscall enter or do we want to do the permission
check based on what the kernel is actually going to do on behalf of
the process?

Does the question make sense?

-Eric

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.