From: chris hyser <chris.hyser-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
To: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
Cc: Will Drewry <wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Daniel Borkmann <daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>,
Netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Alexei Starovoitov <ast-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>,
Alexei Starovoitov
<alexei.starovoitov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Subject: Re: [net-next v3 0/2] eBPF seccomp filters
Date: Tue, 27 Feb 2018 16:22:45 -0500
Message-ID: <cda8f13d-79b6-077a-2129-d2d52dc8efd1@oracle.com>
In-Reply-To: <CAGXu5jKnk90Yruhx_=t8yW2ziLaubqW80pxB95g5W_XnMuT1mA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On 02/27/2018 02:19 PM, Kees Cook wrote:
> On Tue, Feb 27, 2018 at 8:59 AM, chris hyser <chris.hyser-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org> wrote:
>> I will try to find that discussion. As someone pointed out here though, eBPF
>
> A good starting point might be this:
> https://lwn.net/Articles/441232/
Thanks. A fair amount of reading referenced there :-). In particular I'll be curious to find out what happened to this idea:
"Essentially, that would make for three choices for each system call: enabled, disabled, or filtered."
Something like that might address some of the security concerns in that a simple go/no-go on syscall number need not
incur the performance hit nor increased attack surface of running c/eBPF code, but it is there for argument checking,
etc. if you need it. Basically, instead of the kernel making the flexibility/performance/security trade-off in advance,
you leave it to user code/policy.
Anyway, lest it is not clear :-), I think your instincts on security and eBPF are dead on. At the same time it is
powerful and useful. So, how to make it optional?
-chrish
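The three-state policy sketched above (enabled, disabled, or filtered per syscall), as an added example that is not code from this thread or from the patch series under discussion. It compiles a small table into a classic seccomp-bpf program in which ENABLED and DISABLED entries cost one compare on the syscall number and never load an argument, while only a FILTERED entry pulls in an argument word for checking; a tiny user-space evaluator then runs the program over constructed seccomp_data inputs so the decisions can be checked without installing the filter. The policy table (socket() allowed for AF_UNIX only), the function names build_filter/run_filter/decide/decide_socket and the 64-instruction buffer are all assumptions of this example; it needs Linux UAPI headers and targets x86_64 or aarch64.

```c
/* Added example, not from the thread: a three-state syscall policy
 * (enabled / disabled / filtered) compiled to classic seccomp-bpf,
 * plus a minimal cBPF evaluator to check decisions without installing it. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define POLICY_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define POLICY_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL   /* pre-4.14 headers */
#endif
#define RET_DENY (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

enum mode { DISABLED, ENABLED, FILTERED };
/* FILTERED: allow only when the low 32 bits of args[arg_idx] equal arg_val.
 * ENABLED / DISABLED decide on the syscall number alone (no argument load). */
struct policy_entry { int nr; enum mode mode; int arg_idx; uint32_t arg_val; };

/* Constructed sample policy (assumption): socket() only for AF_UNIX. */
static const struct policy_entry policy[] = {
    { __NR_read,   ENABLED,  0, 0 },
    { __NR_write,  ENABLED,  0, 0 },
    { __NR_openat, DISABLED, 0, 0 },
    { __NR_socket, FILTERED, 0, AF_UNIX },
};
#define NPOLICY (sizeof(policy) / sizeof(policy[0]))
/* low word of args[i] on little-endian targets (big-endian would be +4) */
#define ARG_LO(i) (offsetof(struct seccomp_data, args) + (i) * sizeof(uint64_t))
#define STMT(code, k)         (struct sock_filter)BPF_STMT(code, k)
#define JMP(code, k, jt, jf)  (struct sock_filter)BPF_JUMP(code, k, jt, jf)

/* Layout: arch check, load nr, 1 (or 3) instructions per entry, then the
 * three terminal returns.  Returns the instruction count, 0 on overflow. */
size_t build_filter(struct sock_filter *out, size_t cap)
{
    size_t n = 0, body = 3;
    for (size_t i = 0; i < NPOLICY; i++)
        body += policy[i].mode == FILTERED ? 3 : 1;
    size_t deny_idx = body, allow_idx = body + 1, kill_idx = body + 2;
    if (body + 3 > cap || body > 250) return 0;     /* jt/jf are 8-bit offsets */
#define JUMP_TO(t) ((uint8_t)((t) - (n + 1)))      /* relative to next insn */
    out[n] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)); n++;
    out[n] = JMP(BPF_JMP | BPF_JEQ | BPF_K, POLICY_ARCH, 0, JUMP_TO(kill_idx)); n++;
    out[n] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)); n++;
    for (size_t i = 0; i < NPOLICY; i++) {
        const struct policy_entry *e = &policy[i];
        if (e->mode == FILTERED) {
            out[n] = JMP(BPF_JMP | BPF_JEQ | BPF_K, e->nr, 0, 2); n++;   /* not ours: skip check */
            out[n] = STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(e->arg_idx)); n++;
            out[n] = JMP(BPF_JMP | BPF_JEQ | BPF_K, e->arg_val, JUMP_TO(allow_idx), JUMP_TO(deny_idx)); n++;
        } else {
            size_t target = e->mode == ENABLED ? allow_idx : deny_idx;
            out[n] = JMP(BPF_JMP | BPF_JEQ | BPF_K, e->nr, JUMP_TO(target), 0); n++;
        }
    }
#undef JUMP_TO
    out[n++] = STMT(BPF_RET | BPF_K, RET_DENY);                 /* default: unlisted nr */
    out[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    out[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS); /* wrong arch */
    return n;
}

/* Minimal cBPF interpreter covering only the opcodes emitted above. */
uint32_t run_filter(const struct sock_filter *prog, size_t n, const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *ins = &prog[pc];
        switch (ins->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (ins->k + 4 > sizeof(*sd)) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)sd + ins->k, 4);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += acc == ins->k ? ins->jt : ins->jf;
            break;
        case BPF_RET | BPF_K:
            return ins->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;   /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;   /* fell off the end; the kernel rejects such programs at load */
}

/* Evaluate the policy for one call; args may be NULL. */
uint32_t decide(int nr, uint32_t arch, const uint64_t args[6])
{
    struct sock_filter prog[64];
    size_t n = build_filter(prog, 64);
    if (n == 0) return SECCOMP_RET_KILL_PROCESS;
    struct seccomp_data sd = { .nr = nr, .arch = arch, .instruction_pointer = 0 };
    if (args) memcpy(sd.args, args, sizeof sd.args);
    return run_filter(prog, n, &sd);
}

uint32_t decide_socket(uint32_t family)   /* only the first argument matters here */
{
    uint64_t args[6] = { family, SOCK_STREAM, 0, 0, 0, 0 };
    return decide(__NR_socket, POLICY_ARCH, args);
}

int main(void)
{
    printf("read:            0x%08x\n", decide(__NR_read, POLICY_ARCH, NULL));
    printf("openat:          0x%08x\n", decide(__NR_openat, POLICY_ARCH, NULL));
    printf("socket(AF_UNIX): 0x%08x\n", decide_socket(AF_UNIX));
    printf("socket(AF_INET): 0x%08x\n", decide_socket(AF_INET));
    /* To enforce for real: prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0), then
     * prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) with a struct sock_fprog. */
    return 0;
}
```

The point of the layout is that the go/no-go table is a straight run of compares on the accumulator already holding the syscall number; an argument load (and the attack surface of reasoning about argument values) is paid only on the path of a FILTERED entry. The evaluator deliberately refuses anything but the three opcodes the compiler emits, which also makes it a cheap sanity check that build_filter produced what was intended before handing the program to the kernel.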