Date: Mon, 15 Aug 2011 11:59:56 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Solar Designer <solar@...nwall.com> CC: Andi Kleen <andi@...stfloor.org>, Vasiliy Kulikov <segoon@...nwall.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, James Morris <jmorris@...ei.org>, kernel-hardening@...ts.openwall.com, x86@...nel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Will Drewry <wad@...omium.org> Subject: Re: [RFC] x86: restrict pid namespaces to 32 or 64 bit syscalls On 08/15/2011 11:51 AM, Solar Designer wrote: > I agree with you that i386 vs x86-64 vs x32 is one axis and syscall > number is another axis. They are not. ABI is ONE SUBSET OF SYSCALL NUMBERS. > Per-syscall restrictions are also useful, but primarily at a different > level - I'd expect them to be used in specific programs, such as Chrome > and vsftpd. Those programs may also want to limit themselves to a > certain type of syscalls (that is, on the i386 vs x86-64 vs x32 axis), > thereby making use of both features at once. Or they might even have to > do that, depending on how we implement the syscall restrictions. > > Per your suggestion, if I understand correctly, any task that wants to > restrict itself on the i386 vs x86-64 vs x32 axis will have TIF_SECCOMP > set and will incur calls into __secure_computing(). This is unnecessary > overhead for the case when we have a restriction over this axis only, > without per-syscall restrictions. Vasiliy's patch avoids such overhead. There is really no bloody difference between i386 vs x86-64 and, say, sys_oldstat versus sys_stat, or anything else along those lines. Putting in a bunch of ad hoc facilities because of semi-plausible performance wins rather than building a sane filtering facility which can be optimized as a single path is ridiculous. -hpa
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.