* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs [not found] ` <1333051320-30872-2-git-send-email-wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> @ 2012-04-06 19:55 ` Andrew Morton 2012-04-06 20:01 ` Andrew Lutomirski 2012-04-10 19:03 ` Will Drewry 0 siblings, 2 replies; 10+ messages in thread From: Andrew Morton @ 2012-04-06 19:55 UTC (permalink / raw) To: Will Drewry Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA, linux-security-module-u79uwXL29TY76Z2rM5mHXA, linux-arch-u79uwXL29TY76Z2rM5mHXA, linux-doc-u79uwXL29TY76Z2rM5mHXA, kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8, netdev-u79uwXL29TY76Z2rM5mHXA, x86-DgEjT+Ai2ygdnm+yROfE0A, arnd-r2nGTMty4D4, davem-fT/PcQaiUtIeIZ0/mPfg9Q, hpa-YMNOUZJC4hwAvxtiuMwx3w, mingo-H+wXaHxf7aLQT0dZR+AlfA, oleg-H+wXaHxf7aLQT0dZR+AlfA, peterz-wEGCiKHe2LqWVfeAwA7xHQ, rdunlap-/UHa2rfvQTnk1uMJSBkQmQ, mcgrathr-F7+t8E8rja9g9hUCZPvPmw, tglx-hfZtesqFncYOwBW4kG4KsQ, luto-3s7WtUTddSA, eparis-H+wXaHxf7aLQT0dZR+AlfA, serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw, djm-ilwOsaqNJrtAfugRpC6u6w, scarybeasts-Re5JQEeQqe8AvxtiuMwx3w, indan-1J6HnF7K7zE, pmoore-H+wXaHxf7aLQT0dZR+AlfA, corbet-T1hC0tSOHrs, eric.dumazet-Re5JQEeQqe8AvxtiuMwx3w, markus-F7+t8E8rja9g9hUCZPvPmw, coreyb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8, keescook-F7+t8E8rja9g9hUCZPvPmw, jmorris-gx6/JNMH7DfYtjvyW6yDsg, Andy Lutomirski, linux-man-u79uwXL29TY76Z2rM5mHXA On Thu, 29 Mar 2012 15:01:46 -0500 Will Drewry <wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> wrote: > From: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> > > With this set, a lot of dangerous operations (chroot, unshare, etc) > become a lot less dangerous because there is no possibility of > subverting privileged binaries. The changelog doesn't explain the semantics of the new syscall. There's a comment way-down-there which I guess suffices, if you hunt for it. And the changelog doesn't explain why this is being added. Presumably seccomp_filter wants/needs this feature but whowhatwherewhenwhy? Spell it all out, please. The new syscall mode will be documented in the prctl manpage. Please cc linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org and work with Michael on getting this done? > > ... > -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 19:55 ` [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs Andrew Morton @ 2012-04-06 20:01 ` Andrew Lutomirski 2012-04-06 20:28 ` Jonathan Corbet 2012-04-10 20:37 ` Rob Landley 2012-04-10 19:03 ` Will Drewry 1 sibling, 2 replies; 10+ messages in thread From: Andrew Lutomirski @ 2012-04-06 20:01 UTC (permalink / raw) To: Andrew Morton Cc: Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, corbet, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Fri, Apr 6, 2012 at 12:55 PM, Andrew Morton <akpm@linux-foundation.org> wrote: > On Thu, 29 Mar 2012 15:01:46 -0500 > Will Drewry <wad@chromium.org> wrote: > >> From: Andy Lutomirski <luto@amacapital.net> >> >> With this set, a lot of dangerous operations (chroot, unshare, etc) >> become a lot less dangerous because there is no possibility of >> subverting privileged binaries. > > The changelog doesn't explain the semantics of the new syscall. > There's a comment way-down-there which I guess suffices, if you hunt > for it. > > And the changelog doesn't explain why this is being added. Presumably > seccomp_filter wants/needs this feature but whowhatwherewhenwhy? Spell > it all out, please. > > The new syscall mode will be documented in the prctl manpage. Please > cc linux-man@vger.kernel.org and work with Michael on getting this > done? This has been bugging me for awhile. Is there any interest in moving the manpages into the kernel source tree? Then there could be a general requirement that new APIs get documented when they're written. (There are plenty of barely- or incompletely-documented syscalls. futex and relatives come to mind.) --Andy ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 20:01 ` Andrew Lutomirski @ 2012-04-06 20:28 ` Jonathan Corbet 2012-04-06 20:37 ` Andrew Lutomirski 2012-04-11 19:31 ` Michael Kerrisk (man-pages) 2012-04-10 20:37 ` Rob Landley 1 sibling, 2 replies; 10+ messages in thread From: Jonathan Corbet @ 2012-04-06 20:28 UTC (permalink / raw) To: Andrew Lutomirski Cc: Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Fri, 6 Apr 2012 13:01:17 -0700 Andrew Lutomirski <luto@mit.edu> wrote: > This has been bugging me for awhile. Is there any interest in moving > the manpages into the kernel source tree? Then there could be a > general requirement that new APIs get documented when they're written. Man page (or other documentation) requirements for patch acceptance are a regular kernel summit feature. People seem to think it's a good idea, but actual enforcement of such requirements always seems to be lacking. Lots of people have kind of given up trying. I don't really see that adding the man pages to the tree would help, but I could be wrong... jon ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 20:28 ` Jonathan Corbet @ 2012-04-06 20:37 ` Andrew Lutomirski 2012-04-11 19:31 ` Michael Kerrisk (man-pages) 1 sibling, 0 replies; 10+ messages in thread From: Andrew Lutomirski @ 2012-04-06 20:37 UTC (permalink / raw) To: Jonathan Corbet Cc: Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Fri, Apr 6, 2012 at 1:28 PM, Jonathan Corbet <corbet@lwn.net> wrote: > On Fri, 6 Apr 2012 13:01:17 -0700 > Andrew Lutomirski <luto@mit.edu> wrote: > >> This has been bugging me for awhile. Is there any interest in moving >> the manpages into the kernel source tree? Then there could be a >> general requirement that new APIs get documented when they're written. > > Man page (or other documentation) requirements for patch acceptance are a > regular kernel summit feature. People seem to think it's a good idea, but > actual enforcement of such requirements always seems to be lacking. Lots > of people have kind of given up trying. I don't really see that adding > the man pages to the tree would help, but I could be wrong... > If it's in the source, then I can send it with git format-patch. If it's out of tree, I have to find the tree, clone the tree, figure out how to submit, and send separate emails. And then whoever checks that I documented it has to figure out where I sent it and how to read it and then try to decide which documentation submission matches which patch submission. (Also, if it's in-tree, then I can build the docs from a kernel tree and have the latest ones. That could be nice.) --Andy ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 20:28 ` Jonathan Corbet 2012-04-06 20:37 ` Andrew Lutomirski @ 2012-04-11 19:31 ` Michael Kerrisk (man-pages) 2012-04-12 0:15 ` Michael Kerrisk (man-pages) ` (2 more replies) 1 sibling, 3 replies; 10+ messages in thread From: Michael Kerrisk (man-pages) @ 2012-04-11 19:31 UTC (permalink / raw) To: Jonathan Corbet Cc: Andrew Lutomirski, Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Sat, Apr 7, 2012 at 8:28 AM, Jonathan Corbet <corbet@lwn.net> wrote: > On Fri, 6 Apr 2012 13:01:17 -0700 > Andrew Lutomirski <luto@mit.edu> wrote: > >> This has been bugging me for awhile. Is there any interest in moving >> the manpages into the kernel source tree? Then there could be a >> general requirement that new APIs get documented when they're written. > > Man page (or other documentation) requirements for patch acceptance are a > regular kernel summit feature. People seem to think it's a good idea, but > actual enforcement of such requirements always seems to be lacking. Lots > of people have kind of given up trying. I don't really see that adding > the man pages to the tree would help, but I could be wrong... I largely consider this (moving man pages to kernel.org) a technical solution to what is fundamentally a social problem (developers reluctant to write documentation), and doubt that the technical solution would make much difference. I'd love to be proved wrong, but the experiment would require significant start-up effort. (My collected thoughts on this can be found here: http://www.kernel.org/doc/man-pages/todo.html#migrate_to_kernel_source. Note the alternative idea of patch tags mentioned at the end of that text.) Unless, or until there's a paid maintainer, I don't expect things to get significantly better than what they currently are. The quite significant improvements in man-pages since 2004, when I became maintainer were in small part due to the fact that I was for a short period paid to do the work, but in much larger part due to a huge private effort over those years which over the last couple of years is no longer unsustainable for me (man-pages is in competition with requirements for my attention from family, working life, and (seriously!) seismic events), Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-11 19:31 ` Michael Kerrisk (man-pages) @ 2012-04-12 0:15 ` Michael Kerrisk (man-pages) 2012-04-12 0:50 ` Andrew Lutomirski 2012-04-16 19:11 ` Rob Landley 2 siblings, 0 replies; 10+ messages in thread From: Michael Kerrisk (man-pages) @ 2012-04-12 0:15 UTC (permalink / raw) To: Jonathan Corbet Cc: Andrew Lutomirski, Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man > no longer unsustainable for me (man-pages is in competition with ^no longer unsustainable^no longer sustainable ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-11 19:31 ` Michael Kerrisk (man-pages) 2012-04-12 0:15 ` Michael Kerrisk (man-pages) @ 2012-04-12 0:50 ` Andrew Lutomirski 2012-04-16 19:11 ` Rob Landley 2 siblings, 0 replies; 10+ messages in thread From: Andrew Lutomirski @ 2012-04-12 0:50 UTC (permalink / raw) To: mtk.manpages Cc: Jonathan Corbet, Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Wed, Apr 11, 2012 at 12:31 PM, Michael Kerrisk (man-pages) <mtk.manpages@gmail.com> wrote: > On Sat, Apr 7, 2012 at 8:28 AM, Jonathan Corbet <corbet@lwn.net> wrote: >> On Fri, 6 Apr 2012 13:01:17 -0700 >> Andrew Lutomirski <luto@mit.edu> wrote: >> >>> This has been bugging me for awhile. Is there any interest in moving >>> the manpages into the kernel source tree? Then there could be a >>> general requirement that new APIs get documented when they're written. >> >> Man page (or other documentation) requirements for patch acceptance are a >> regular kernel summit feature. People seem to think it's a good idea, but >> actual enforcement of such requirements always seems to be lacking. Lots >> of people have kind of given up trying. I don't really see that adding >> the man pages to the tree would help, but I could be wrong... > > I largely consider this (moving man pages to kernel.org) a technical > solution to what is fundamentally a social problem (developers > reluctant to write documentation), and doubt that the technical > solution would make much difference. I'd love to be proved wrong, but > the experiment would require significant start-up effort. (My > collected thoughts on this can be found here: > http://www.kernel.org/doc/man-pages/todo.html#migrate_to_kernel_source. > Note the alternative idea of patch tags mentioned at the end of that > text.) > > Unless, or until there's a paid maintainer, I don't expect things to > get significantly better than what they currently are. The quite > significant improvements in man-pages since 2004, when I became > maintainer were in small part due to the fact that I was for a short > period paid to do the work, but in much larger part due to a huge > private effort over those years which over the last couple of years is > no longer unsustainable for me (man-pages is in competition with > requirements for my attention from family, working life, and > (seriously!) seismic events), Hrm. Maybe someone could convince Andrew and Linus not to pull new syscalls or major ABI features unless the patchset includes full docs. Anyway, I'll write up a detailed description of PR_SET_NO_NEW_PRIVS, stick it in the changelog, and cc linux-doc. --Andy ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-11 19:31 ` Michael Kerrisk (man-pages) 2012-04-12 0:15 ` Michael Kerrisk (man-pages) 2012-04-12 0:50 ` Andrew Lutomirski @ 2012-04-16 19:11 ` Rob Landley 2 siblings, 0 replies; 10+ messages in thread From: Rob Landley @ 2012-04-16 19:11 UTC (permalink / raw) To: mtk.manpages Cc: Jonathan Corbet, Andrew Lutomirski, Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On 04/11/2012 02:31 PM, Michael Kerrisk (man-pages) wrote: > On Sat, Apr 7, 2012 at 8:28 AM, Jonathan Corbet <corbet@lwn.net> wrote: >> On Fri, 6 Apr 2012 13:01:17 -0700 >> Andrew Lutomirski <luto@mit.edu> wrote: >> >>> This has been bugging me for awhile. Is there any interest in moving >>> the manpages into the kernel source tree? Then there could be a >>> general requirement that new APIs get documented when they're written. >> >> Man page (or other documentation) requirements for patch acceptance are a >> regular kernel summit feature. People seem to think it's a good idea, but >> actual enforcement of such requirements always seems to be lacking. Lots >> of people have kind of given up trying. I don't really see that adding >> the man pages to the tree would help, but I could be wrong... > > I largely consider this (moving man pages to kernel.org) a technical > solution to what is fundamentally a social problem (developers > reluctant to write documentation), and doubt that the technical > solution would make much difference. *nod* *nod* > I'd love to be proved wrong, but > the experiment would require significant start-up effort. (My > collected thoughts on this can be found here: > http://www.kernel.org/doc/man-pages/todo.html#migrate_to_kernel_source. > Note the alternative idea of patch tags mentioned at the end of that > text.) > > Unless, or until there's a paid maintainer, I don't expect things to > get significantly better than what they currently are. Maintainer of which, the man pages or the kernel Documentation directory? I just got handed the Documentation ball (right as relatives were visiting and a couple days before buying a new house, so I've just put _tons_ of time into it so far). I have grandiose plans for cleaning it up, but first I need to get my kernel.org account working again. That said, I think having man-pages in the kernel directory is a bad idea, for reasons I already posted to this thread. > The quite > significant improvements in man-pages since 2004, when I became > maintainer were in small part due to the fact that I was for a short > period paid to do the work, but in much larger part due to a huge > private effort over those years which over the last couple of years is > no longer unsustainable for me (man-pages is in competition with > requirements for my attention from family, working life, and > (seriously!) seismic events), Heh, I know the feeling. :) Circa 2007 I was paid to work on documentation for half a year (hence the http://kernel.org/doc directory I stopped being able to update when kernel.org got hacked). These days it competes with my toybox and aboriginal linux projects, and with my day job. The way I'm looking at it is I'm _curating_ documentation. I'm acting as some kind of of librarian, and my first goal is reshuffling the files in Documentation into some semblance of order so you can see what's there. (I've posted about that before here, moving architecture-specific stuff under an arch subdirectory and so on.) I do sometimes write new documentation, but no human being knows everything there is to know about the kernel. Building expertise is enormously time consuming, That said, if anything was going to move into the kernel moving the syscall info into javadoc might make sense. Something that might help you is the syscall mining script snippet I posted last time: find . -name "*.c" -print0 | \ xargs -n1 -0 sed -n -e 's/.*\(SYSCALL_DEFINE[0-9](\)/\1/' \ -e 't got;d;:got;s/).*/)/p;t;N;b got' I might be able to build a script around that which would look up the system call number, figure out which architectures implement this call, find any javadoc at the call site, and so on. That way we could automate this a bit. For example, kernel/fork.c has two syscalls: SYSCALL_DEFINE1(set_tid_address, int __user *, tidptr) /* * unshare allows a process to 'unshare' part of the process * context which was originally shared using clone. copy_* * functions used by do_fork() cannot be used here directly * because they modify an inactive task_struct that is being * constructed. Here we are modifying the current, active, * task_struct. */ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) Both of these have man pages which provide way more info than the comments (if any). Is there any sort of javadoc comment before the syscall that might provide useful information you could automatically harvest? Some sort of standard header briefly defining the syscall? (P.S. Speaking of man 2 unshare, what's with the #define _GNU_SOURCE for a new linux kernel syscall? What the heck does the FSF have to do with anything? This didn't used to be needed in ubuntu 10.04 but then the headers changed to match the man page, which I found sad...) > Cheers, > > Michael Rob -- GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code. Either it's "mere aggregation", or a license violation. Pick one. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 20:01 ` Andrew Lutomirski 2012-04-06 20:28 ` Jonathan Corbet @ 2012-04-10 20:37 ` Rob Landley 1 sibling, 0 replies; 10+ messages in thread From: Rob Landley @ 2012-04-10 20:37 UTC (permalink / raw) To: Andrew Lutomirski Cc: Andrew Morton, Will Drewry, linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, corbet, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On 04/06/2012 03:01 PM, Andrew Lutomirski wrote: > On Fri, Apr 6, 2012 at 12:55 PM, Andrew Morton > <akpm@linux-foundation.org> wrote: >> On Thu, 29 Mar 2012 15:01:46 -0500 >> Will Drewry <wad@chromium.org> wrote: >> >>> From: Andy Lutomirski <luto@amacapital.net> >>> >>> With this set, a lot of dangerous operations (chroot, unshare, etc) >>> become a lot less dangerous because there is no possibility of >>> subverting privileged binaries. >> >> The changelog doesn't explain the semantics of the new syscall. >> There's a comment way-down-there which I guess suffices, if you hunt >> for it. >> >> And the changelog doesn't explain why this is being added. Presumably >> seccomp_filter wants/needs this feature but whowhatwherewhenwhy? Spell >> it all out, please. >> >> The new syscall mode will be documented in the prctl manpage. Please >> cc linux-man@vger.kernel.org and work with Michael on getting this >> done? > > This has been bugging me for awhile. Is there any interest in moving > the manpages into the kernel source tree? Not that I know of. I'm pretty sure if the guy maintaining it (Michael Kerrisk) wanted to do that, he could have raised the issue at any time over the past several years. > Then there could be a > general requirement that new APIs get documented when they're written. Because having a Documentation directory, javadoc in the source itself (some of which is combined with the Documentation/DocBook xml files to form the make htmldocs output), menuconfig help text, and a whole buch of scattered readmes does _not_ get new APIs documented as they're written. That isn't even counting git commit comments and mailing list messages in various web archives. Are you going to suck the linux weekly news kernel articles into the tree (http://lwn.net/Kernel/Index)? How about Linux Journal's complete archives going back to 2004 (http://www.linuxjournal.com/magazine)? Or the h-online and kernelnewbies writeups? How about wikipedia pages on interesting kernel topics? The sourceforge pages for userspace projects like lxc.sf.net or i2c-utils? How about that device driver writing tutorial Greg KH recorded in 2008, that's only a 2.8 gigabyte video file. Rusty's Unreliable Guides? Greg KH's blog? (Heck, http://kernelplanet.org). Speaking of videos, here's the 2011 LinuxCon Japan talks: http://video.linux.com/categories/2011-linuxcon-japan And here are videos for the Consumer Electronic Linux Forum: http://free-electrons.com/blog/elc-2012-videos/ (and you can get 2011, 2010, 2006...) Here are Ottawa Linux Symposium papers: http://kernel.org/doc/ols Don't forget IBM Developerworks' library: http://www.ibm.com/developerworks/linux/library/l-linux-kernel/ Have some standards documents: http://www.opengroup.org/onlinepubs/9699919799/ http://busybox.net/~landley/c99-draft.html http://www.unix.org/whitepapers/64bit.html http://refspecs.linuxfoundation.org http://t10.org/scsi-3.htm Here's a random blog post about booting a bare metal "hello world" program on qemu for ARM: http://balau82.wordpress.com/2010/02/28/hello-world-for-bare-metal-arm-using-qemu/ Let's pick a topic, like the ELF loader. Here's the best introduction of how ELF files _really_ work I've seen: http://muppetlabs.com/~breadbox/software/tiny/teensy.html Although http://linuxjournal.com/article/1059 is pretty good too, as were http://linuxjournal.com/article/1060 and http://linuxjournal.com/article/80 as well. And if you want the _details_, here's an extremely dry online book: http;//www.iecc.com/linker/ And here's the first entry in the blog series the guy who wrote "gold" did about writing his new linker: http://www.airs.com/blog/archives/38 And so on, and so forth... > (There are plenty of barely- or incompletely-documented syscalls. > futex and relatives come to mind.) Your proposal does not address this problem. speaking of syscalls, I do note that ever since I tried to add Hexagon support to strace (less fun than it sounds), I've wanted a way to beat proper syscall information out of the kernel headers so I could get not just syscall numbers but how many arguments and a brief stab at the type of each argument. Of course you _can_ get argument type and count, but not from the headers: you have to use moderately horrible sed on the kernel's source code, ala: find . -name "*.c" -print0 | \ xargs -n1 -0 sed -n -e 's/.*\(SYSCALL_DEFINE[0-9](\)/\1/' \ -e 't got;d;:got;s/).*/)/p;t;N;b got' > --Andy Rob -- GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code. Either it's "mere aggregation", or a license violation. Pick one. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs 2012-04-06 19:55 ` [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs Andrew Morton 2012-04-06 20:01 ` Andrew Lutomirski @ 2012-04-10 19:03 ` Will Drewry 1 sibling, 0 replies; 10+ messages in thread From: Will Drewry @ 2012-04-10 19:03 UTC (permalink / raw) To: Andrew Morton, Andrew Lutomirski Cc: linux-kernel, linux-security-module, linux-arch, linux-doc, kernel-hardening, netdev, x86, arnd, davem, hpa, mingo, oleg, peterz, rdunlap, mcgrathr, tglx, eparis, serge.hallyn, djm, scarybeasts, indan, pmoore, corbet, eric.dumazet, markus, coreyb, keescook, jmorris, Andy Lutomirski, linux-man On Fri, Apr 6, 2012 at 2:55 PM, Andrew Morton <akpm@linux-foundation.org> wrote: > On Thu, 29 Mar 2012 15:01:46 -0500 > Will Drewry <wad@chromium.org> wrote: > >> From: Andy Lutomirski <luto@amacapital.net> >> >> With this set, a lot of dangerous operations (chroot, unshare, etc) >> become a lot less dangerous because there is no possibility of >> subverting privileged binaries. > > The changelog doesn't explain the semantics of the new syscall. > There's a comment way-down-there which I guess suffices, if you hunt > for it. I'll bubble up luto's comment into the changelog when I resend the grand-unified-patchset. > And the changelog doesn't explain why this is being added. Presumably > seccomp_filter wants/needs this feature but whowhatwherewhenwhy? Spell > it all out, please. I'll try my hand at that and luto@ can yell at me if I misrepresent. Seem reasonable? > The new syscall mode will be documented in the prctl manpage. Please > cc linux-man@vger.kernel.org and work with Michael on getting this > done? I'll add linux-man to the patch series since this applies to both no_new_privs and seccomp filter. Thanks! >> >> ... >> ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2012-04-16 19:11 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1333051320-30872-1-git-send-email-wad@chromium.org>
[not found] ` <1333051320-30872-2-git-send-email-wad@chromium.org>
[not found] ` <1333051320-30872-2-git-send-email-wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
2012-04-06 19:55 ` [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs Andrew Morton
2012-04-06 20:01 ` Andrew Lutomirski
2012-04-06 20:28 ` Jonathan Corbet
2012-04-06 20:37 ` Andrew Lutomirski
2012-04-11 19:31 ` Michael Kerrisk (man-pages)
2012-04-12 0:15 ` Michael Kerrisk (man-pages)
2012-04-12 0:50 ` Andrew Lutomirski
2012-04-16 19:11 ` Rob Landley
2012-04-10 20:37 ` Rob Landley
2012-04-10 19:03 ` Will Drewry
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).