Date: Thu, 24 Mar 2016 09:24:06 -0700
From: Kees Cook <>
To: Mickaël Salaün <>
Cc: linux-security-module <>, 
	Andreas Gruenbacher <>, Andy Lutomirski <>, 
	Andy Lutomirski <>, Arnd Bergmann <>, 
	Casey Schaufler <>, Daniel Borkmann <>, 
	David Drysdale <>, Eric Paris <>, 
	James Morris <>, Jeff Dike <>, 
	Julien Tinnes <>, Michael Kerrisk <>, Paul Moore <>, 
	Richard Weinberger <>, "Serge E . Hallyn" <>, Stephen Smalley <>, 
	Tetsuo Handa <>, Will Drewry <>, 
	Linux API <>, 
	"" <>
Subject: Re: [RFC v1 00/17] seccomp-object: From attack surface reduction to sandboxing

On Wed, Mar 23, 2016 at 6:46 PM, Mickaël Salaün <> wrote:
> Hi,
> This series is a proof of concept (not ready for production) to extend seccomp
> with the ability to check argument pointers of syscalls as kernel objects (e.g.
> file path). This adds a needed feature to create a full sandbox managed by
> userland like the Seatbelt/XNU Sandbox or the OpenBSD Pledge. It was initially
> inspired by a partial seccomp-LSM prototype [1] but has evolved a lot since :)

This is interesting! I'd really like to get argument inspection
working. I'm going to spend some time examining this series more
closely, but my initial reaction is that I'm suspicious of the ToCToU
checking -- I'd rather there be no race at all. As for the bug-fixes,
I'll get those pulled in now. Thanks!


Kees Cook
Chrome OS & Brillo Security