What I do in ring=non-supervisor is close all fd's while
checking against an array of exemptions. if /proc is not
mounted I close RLIMIT_NOFILE, if that fails I use a dumb
loop to close everything(slooow). This new system call could
significantly increase the fallback code, but If you use a
range t
On Mon, Mar 25, 2019 at 5:45 PM Linus Torvalds
wrote:
>
> On Fri, Mar 22, 2019 at 11:34 AM Michael Tirado wrote:
> >
> > On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan wrote:
> > >
> > > pidfd code should be backed out immediately. Forget about /proc.
>
On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan wrote:
>
> pidfd code should be backed out immediately. Forget about /proc.
Seems like Torvalds just merges this sort of "stuff" without reading
it now, or there's something that auto accepted pull request to RC tree?
> The pull request you sent on
On Mon, Dec 3, 2018 at 4:52 PM Linus Torvalds
wrote:
>
> On Mon, Dec 3, 2018 at 4:15 AM Pavel Machek wrote:
> >
> > Linus, I don't think Greg is doing good job maintaining this. Can you
> > take the patch?
> > (Or explain what is going on here, because I don't
> > think public has full story).
>
On Fri, Nov 9, 2018 at 9:41 PM Andy Lutomirski wrote:
>
>
>
> > On Nov 9, 2018, at 1:06 PM, Jann Horn wrote:
> >
> > +linux-api for API addition
> > +hughd as FYI since this is somewhat related to mm/shmem
> >
> > On Fri, Nov 9, 2018 at 9:46 PM Joel Fernandes (Google)
> > wrote:
> >> Android use
You hijacked Eric's thread and forgot to CC him?
On Thu, Oct 11, 2018 at 12:49 AM wrote:
>
> Three avenues to rescind GPLv2 property. RAP strategy added.
>
>
> Here's a case in NY where a Software distributor agreement violated New
> York's Rule Against Perpetuities
> McAllister Software Systems,
James, and our other friends,
On Tue, Oct 16, 2018 at 2:59 PM James Bottomley
wrote:
>
> The current code of conduct has an ambiguity
More than one ambiguity. This whole file needs to go.
>* Trolling,
Who decides what is trolling, and what is a technique for raising
awareness or sparking disc
Tycho, Sorry for the duplicate, I forgot to CC the list :(
On Wed, Oct 17, 2018 at 3:00 PM Tycho Andersen wrote:
>
>
> That's one of the use cases, but there are a large number of others. I
> discuss a few in patch 1:
> https://www.spinics.net/lists/linux-containers/msg33956.html
>
Thanks this i
On Thu, Sep 13, 2018 at 12:02 AM Andy Lutomirski wrote:
>
> Or we could have a
> seccomp() mode that adds a filter but only kicks in after execve().
>
> --Andy
Hey that's a pretty good idea, then we could block execve in a seccomp
launcher without post-exec cooperation, or that patch I wrote that
Hey, I'm not seeing much activity on this so here's my $0.02
> Unix socket automatically translates pid attached to SCM_CREDENTIALS.
> This requires CAP_SYS_ADMIN for sending arbitrary pids and entering
> into pid namespace, this expose process and could be insecure.
Perhaps it would be a good i
Been getting beaten up by this bug for a few days now. I made a small
test program for you netfilter experts to try because I'm running out
of ideas over here. Attached is a C program to trigger the BUG_ON. I
have narrowed possible causes down to the portion of my code that
sends NFT_MSG_NEWRULE,
On Tue, Sep 29, 2015 at 11:44 PM, Kees Cook wrote:
> On Thu, Sep 10, 2015 at 2:55 PM, Michael Tirado wrote:
>> On Fri, Sep 4, 2015 at 8:37 PM, Kees Cook wrote:
>>>
>> @@ -196,7 +197,12 @@ static u32 seccomp_run_filters(struct seccomp_data *sd)
>> * value a
Sorry for spamming you guys with my ugly, poorly formatted hack.
I had to change something due to my shallow knowledge of how
multiprocessors / multiple threads sharing a filter would behave.
There may have been a possibility for the deferred integer to rollover
and ruin everything? just in case s
On Fri, Sep 4, 2015 at 8:37 PM, Kees Cook wrote:
>
> Do you still need file capabilities with the availability of the new
> ambient capabilities?
>
> https://s3hh.wordpress.com/2015/07/25/ambient-capabilities/
> http://thread.gmane.org/gmane.linux.kernel.lsm/24034
Ah.. thanks for the info on this
hing
to be exec'd, so if somehow by Thor's hammer that program escapes it's
sandbox, it will only be able to exec itself. I suppose it will have
to now be restricted to absolute paths only.
Thanks everyone for the clarification!
On Fri, Sep 4, 2015 at 4:01 AM, Kees Cook wrote:
>
Hiyall,
I have created a seccomp white list filter for a program that launches
other less trustworthy programs. It's working great so far, but I
have run into a little roadblock. the launcher program needs to call
execve as it's final step, but that may not be present in the white
list. I am wo
16 matches
Mail list logo
