public inbox for linux-kernel@vger.kernel.org
From: Andrea Arcangeli <andrea@cpushare.com>
To: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <andrea@cpushare.com>,
	Pavel Machek <pavel@ucw.cz>, Ingo Molnar <mingo@elte.hu>,
	Chris Wright <chrisw@osdl.org>, Andrew Morton <akpm@osdl.org>,
	linux-kernel@vger.kernel.org
Subject: Re: seccomp for 2.6.11-rc1-bk8
Date: Sun, 23 Jan 2005 01:52:13 +0100
Message-ID: <20050123005213.GK7587@dualathlon.random>
In-Reply-To: <Pine.LNX.4.61.0501221943050.7152@chimarrao.boston.redhat.com>

On Sat, Jan 22, 2005 at 07:43:26PM -0500, Rik van Riel wrote:
> On Sun, 23 Jan 2005, Andrea Arcangeli wrote:
> 
> >I'm doing something that requires the maximum level of
> >security ever,
> 
> You're kidding, right ?

Why should I be kidding? The client code I'm doing has to be at least as secure
as ssh and the firewall code, what else has to be more secure than that?
Neither ssh nor the firewall code depends on ptrace for their security. The
nice thing is that I can embed all the security in the kernel with
seccomp, and I'd be a fool not to try to get it merged and to
complicate my life with ptrace.

Once seccomp is in, I believe there's a chance that security people use
it for more than Cpushare while I don't think there's a chance you'll
see security people using ptrace_syscall hardcoding the syscall numbers
in every userland app out there that may have to parse untrusted data
with potentially buggy bytecode (i.e. decompression bytecode etc.).
