From: Michael Kerrisk <mtk.manpages@googlemail.com>
To: andrea@cpushare.com
Cc: Ivana Varekova <varekova@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-man@vger.kernel.org
Subject: PR_SET_SECCOMP and PR_GET_SECCOMP doc (and bug?)
Date: Mon, 16 Jun 2008 14:15:13 +0200
Message-ID: <48565951.40603@gmail.com>
Andrea,
Below is my attempt to document the SECCOMP prctl() operations that you added
in 2.6.23. Could you please read, and let me know if I have the details
correct. Especially take a look at the description of PR_GET_SECCOMP, whose
operation tends to suggest a thinko:
PR_SET_SECCOMP (since Linux 2.6.23)
    Set the secure computing mode for the calling thread. In the current
    implementation, arg2 must be 1. After the secure computing mode has been
    set to 1, the only system calls that the thread is permitted to make are
    read(2), write(2), _exit(2), and sigreturn(2). Other system calls result
    in the delivery of a SIGKILL signal. Secure computing mode is useful for
    number-crunching applications that may need to execute untrusted byte
    code, perhaps obtained by reading from a pipe or socket. This operation
    is only available if the kernel is configured with CONFIG_SECCOMP
    enabled.

PR_GET_SECCOMP (since Linux 2.6.23)
    Return the secure computing mode of the calling thread. Not very useful:
    if the caller is not in secure computing mode, this operation returns 0;
    if the caller is in secure computing mode, then the prctl() call will
    cause a SIGKILL signal to be sent to the process. This operation is only
    available if the kernel is configured with CONFIG_SECCOMP enabled.
Have I misunderstood something? Surely it is not really intended that
PR_GET_SECCOMP be this useless? The alternatives that I can think of would be
that
a) at least the call prctl(PR_GET_SECCOMP) would be among the set of permitted
syscalls in secure computing mode, or
b) there shouldn't be a prctl(PR_GET_SECCOMP) at all.
Cheers,
Michael
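The strict-mode behaviour described in the draft text above, as an added example that is not part of the post, the kernel, or the man-pages project: a parent forks a child that enters strict mode with prctl(PR_SET_SECCOMP, 1), issues one probe syscall, and the parent classifies how the child ended. The names strict_result, strict_child and run_strict_probe are this example's own; it assumes a Linux kernel with CONFIG_SECCOMP, and reports "unavailable" where strict mode cannot be entered (for instance inside a container that already runs under a seccomp filter).

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* How a strict-mode child ended (hypothetical classification for this example). */
enum strict_result {
    STRICT_UNAVAILABLE, /* prctl(PR_SET_SECCOMP, 1) failed: no CONFIG_SECCOMP, or already filtered */
    STRICT_KILLED,      /* child was killed by SIGKILL: the probe syscall is forbidden */
    STRICT_SURVIVED,    /* child exited normally: the probe syscall is permitted */
    STRICT_ERROR        /* fork/waitpid failure or an unexpected child status */
};

/* Child: enter strict mode, issue one raw probe syscall, then leave via exit(2).
 * glibc's _exit() issues exit_group(2), which is not in the read/write/_exit/
 * sigreturn allow-list and would itself draw SIGKILL, so everything after the
 * prctl goes through syscall(2). */
static void strict_child(long nr, long a1, long a2, long a3) {
    if (prctl(PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
        syscall(SYS_exit, 2);            /* tell the parent strict mode is unavailable */
    syscall(SYS_write, STDOUT_FILENO, "strict mode on\n", 15);
    syscall(nr, a1, a2, a3);             /* SIGKILL here unless nr is permitted */
    syscall(SYS_exit, 0);
}

/* Fork, run the probe in the child, and classify the child's fate. */
enum strict_result run_strict_probe(long nr, long a1, long a2, long a3) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return STRICT_ERROR;
    if (pid == 0) strict_child(nr, a1, a2, a3); /* does not return */
    if (waitpid(pid, &status, 0) != pid) return STRICT_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return STRICT_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return STRICT_SURVIVED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return STRICT_UNAVAILABLE;
    return STRICT_ERROR;
}

int main(void) {
    static const char *name[] = {"unavailable", "killed", "survived", "error"};
    printf("write(2) in strict mode:       %s\n",
           name[run_strict_probe(SYS_write, STDOUT_FILENO, (long)"ok\n", 3)]);
    printf("getpid(2) in strict mode:      %s\n",
           name[run_strict_probe(SYS_getpid, 0, 0, 0)]);
    printf("PR_GET_SECCOMP in strict mode: %s\n",
           name[run_strict_probe(SYS_prctl, PR_GET_SECCOMP, 0, 0)]);
    return 0;
}
```

The third probe is the point raised in the message: once in strict mode, asking the kernel which mode you are in is itself a forbidden prctl(2), so the child is killed rather than answered.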
Thread overview (7+ messages):
2008-06-16 12:15 Michael Kerrisk [this message]
2008-06-16 16:25 ` PR_SET_SECCOMP and PR_GET_SECCOMP doc (and bug?) Andrea Arcangeli
2008-06-17 13:32 ` Michael Kerrisk
2008-06-17 16:12 ` Valdis.Kletnieks
2008-06-17 17:34 ` Andrea Arcangeli
2008-06-17 17:59 ` Michael Kerrisk
2008-06-17 17:35 ` Andrea Arcangeli