From: Chris Wright <chrisw@osdl.org>
To: David Wagner <daw-usenet@taverner.cs.berkeley.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: seccomp for 2.6.11-rc1-bk8
Date: Fri, 21 Jan 2005 11:17:00 -0800
Message-ID: <20050121111700.Q469@build.pdx.osdl.net>
In-Reply-To: <csrje8$bsn$1@abraham.cs.berkeley.edu>; from daw@taverner.cs.berkeley.edu on Fri, Jan 21, 2005 at 06:59:20PM +0000

* David Wagner (daw@taverner.cs.berkeley.edu) wrote:
> There is a simple tweak to ptrace which fixes that: one could add an
> API to specify a set of syscalls that ptrace should not trap on. To get
> seccomp-like semantics, the user program could specify {read,write}, but
> if the user program ever wants to change its policy, it could change that
> set. Solaris /proc (which is what is used for tracing) has this feature.
> I coded up such an extension to ptrace semantics a long time ago, and
> it seemed to work fine for me, though of course I am not a ptrace expert.

Hmm, yeah, that'd be nice. That only leaves the issue of tracer dying
(say from that crazy oom killer ;-).

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net