Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 26 Aug 2020 12:40:24 -0700
From: Kees Cook <>
To: Jens Axboe <>
Cc: Stefano Garzarella <>,
	Christian Brauner <>,
	Jann Horn <>, Jeff Moyer <>,
	Linux FS Devel <>,
	Sargun Dhillon <>,
	Alexander Viro <>,
	Kernel Hardening <>,
	Stefan Hajnoczi <>,
	kernel list <>,
	Aleksa Sarai <>, io-uring <>
Subject: Re: [PATCH v4 0/3] io_uring: add restrictions to support untrusted
 applications and guests

On Wed, Aug 26, 2020 at 10:47:36AM -0600, Jens Axboe wrote:
> On 8/25/20 9:20 AM, Stefano Garzarella wrote:
> > Hi Jens,
> > this is a gentle ping.
> > 
> > I'll respin, using memdup_user() for restriction registration.
> > I'd like to get some feedback to see if I should change anything else.
> > 
> > Do you think it's in good shape?
> As far as I'm concerned, this is fine. But I want to make sure that Kees
> is happy with it, as he's the one that's been making noise on this front.

Oop! Sorry, I didn't realize this was blocked on me. Once I saw how
orthogonal io_uring was to "regular" process trees, I figured this
series didn't need seccomp input. (I mean, I am still concerned about
attack surface reduction, but that seems like a hard problem given
io_uring's design -- it is, however, totally covered by the LSMs, so I'm
satisfied from that perspective.)

I'll go review... thanks for the poke. :)

Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.