From: Andrea Arcangeli <andrea@cpushare.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: chris@scary.beasts.org, Hans Reiser <reiser@namesys.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@osdl.org>
Subject: Re: secure computing for 2.6.7
Date: Mon, 2 Aug 2004 12:25:27 +0200 [thread overview]
Message-ID: <20040802102527.GK6295@dualathlon.random> (raw)
In-Reply-To: <1091401677.31405.3.camel@localhost.localdomain>
Hi Alan,
On Mon, Aug 02, 2004 at 12:08:00AM +0100, Alan Cox wrote:
> One of the things that you can sensibly do I think which will also avoid
> a performance hit is to use the same kernel path as strace and friends
> do for syscall tracing but capture and verify the syscall in kernel mode
> rather than trapping back out. That will at least keep the usual fast
> path unharmed by the security toys.
The usual fast path is already unharmed by the security toys like
syscall auditing and seccomp mode (my only slowdown I introduced with
seccomp was to replace a testb with a testw, that doesn't count as a
slowdown, does it?). The only way to speedup the usual fast path is by
removing ptrace, everything already hooks into the ptrace testb/w.
About ptrace major issue being speed that's mostly true, but I'm not
sure what happens to uml if the tracer gets killed by oom, maybe it just
crashes at the next syscall, maybe not, dunno. I feel a lot safer in
having the secure computing happening inside seccomp than inside uml
from my part. I considered using uml before doing seccomp, but seccomp
was going to be a lot simpler and safer (and faster but I don't need
throughput in read/write/sigreturn/exit ;).
next prev parent reply other threads:[~2004-08-02 10:28 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-04 17:39 secure computing for 2.6.7 andrea
2004-07-04 21:35 ` Andrew Morton
2004-07-04 23:32 ` andrea
2004-07-05 0:37 ` Phy Prabab
2004-10-12 14:24 ` Andrea Arcangeli
2004-10-12 15:32 ` Rik van Riel
2004-10-12 15:59 ` Andrea Arcangeli
2004-10-12 16:28 ` Rik van Riel
2004-10-12 17:46 ` Andrea Arcangeli
2004-10-12 18:04 ` Rik van Riel
2004-10-12 18:10 ` Rik van Riel
2004-10-12 18:29 ` Andrea Arcangeli
2004-07-07 19:27 ` Hans Reiser
2004-08-01 10:22 ` Andrea Arcangeli
2004-08-01 12:01 ` chris
2004-08-01 15:01 ` Andrea Arcangeli
2004-08-01 17:29 ` chris
2004-08-01 18:52 ` Bernd Eckenfels
2004-08-01 20:45 ` Alan Cox
2004-08-01 23:10 ` Andrea Arcangeli
2004-08-01 23:08 ` Alan Cox
2004-08-02 10:25 ` Andrea Arcangeli [this message]
2004-08-01 23:06 ` Andrea Arcangeli
2004-08-02 6:52 ` David Wagner
2004-08-03 12:48 ` Stephen Smalley
2004-08-01 14:55 ` Bernd Eckenfels
2004-08-01 15:51 ` Andrea Arcangeli
2004-08-01 17:24 ` Bernd Eckenfels
2004-08-02 3:17 ` Horst von Brand
2004-08-02 16:31 ` Andrea Arcangeli
2004-08-03 12:40 ` Stephen Smalley
2004-08-03 21:02 ` Alexander Lyamin
2004-08-05 11:47 ` Stephen Smalley
2004-08-04 8:57 ` Hans Reiser
2004-08-05 11:48 ` Stephen Smalley
2004-08-07 23:20 ` Hans Reiser
2004-08-09 12:35 ` Stephen Smalley
[not found] <2ejhQ-4lc-5@gated-at.bofh.it>
[not found] ` <2fqhq-1RU-45@gated-at.bofh.it>
[not found] ` <2olLt-4wI-5@gated-at.bofh.it>
2004-08-02 0:05 ` Andi Kleen
2004-08-02 10:19 ` Andrea Arcangeli
2004-08-02 19:06 ` Rik van Riel
2004-08-02 21:35 ` Andrea Arcangeli
2004-08-04 13:18 ` V13
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040802102527.GK6295@dualathlon.random \
--to=andrea@cpushare.com \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=chris@scary.beasts.org \
--cc=linux-kernel@vger.kernel.org \
--cc=reiser@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.