Date: Fri, 2 Mar 2012 09:12:58 +0100 From: "Indan Zupancic" <indan@....nu> To: "H. Peter Anvin" <hpa@...or.com> Cc: "Will Drewry" <wad@...omium.org>, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-doc@...r.kernel.org, kernel-hardening@...ts.openwall.com, netdev@...r.kernel.org, x86@...nel.org, arnd@...db.de, davem@...emloft.net, mingo@...hat.com, oleg@...hat.com, peterz@...radead.org, rdunlap@...otime.net, mcgrathr@...omium.org, tglx@...utronix.de, luto@....edu, eparis@...hat.com, serge.hallyn@...onical.com, djm@...drot.org, scarybeasts@...il.com, pmoore@...hat.com, akpm@...ux-foundation.org, corbet@....net, eric.dumazet@...il.com, markus@...omium.org, coreyb@...ux.vnet.ibm.com, keescook@...omium.org Subject: Re: [PATCH v12 06/13] seccomp: add system call filtering using BPF On Fri, March 2, 2012 07:55, H. Peter Anvin wrote: > On 03/01/2012 10:43 PM, Indan Zupancic wrote: > Ok, fail on my part - I misread the above to refer to @arch, not > @instruction_pointer. Ah, that explains a lot. >>> -- Pin is a great example. >> Is that http://www.pintool.org/? >> >> Can you explain how knowing the IP is useful for Pin? >> >> All I am asking for is just one use case for providing the IP. Is that >> asking for too much? > > However, it still applies. For something like Pin, Pin may want to trap > on all or a subset from the instrumented program, while the > instrumentation code -- which lives in the same address space -- needs > to execute those same instructions. > > Yes, it's useless for *security* (unless perhaps if you keep very strict > tabs on the flow of control by using debug registers, dynamic > translation or whatnot), but it can be highly useful for > *instrumentation*, where you want to analyze the behavior of a > non-malicious program. That is a good use case indeed, I'm convinced. Thanks, Indan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.