Date: Sun, 27 Mar 2016 05:03:10 +0000
From: Loganaden Velvindron <>
Cc: Mickaël Salaün <>, 
	linux-security-module <>, 
	Andreas Gruenbacher <>, Andy Lutomirski <>, 
	Andy Lutomirski <>, Arnd Bergmann <>, 
	Casey Schaufler <>, Daniel Borkmann <>, 
	David Drysdale <>, Eric Paris <>, 
	James Morris <>, Jeff Dike <>, 
	Julien Tinnes <>, Michael Kerrisk <>, Paul Moore <>, 
	Richard Weinberger <>, "Serge E . Hallyn" <>, Stephen Smalley <>, 
	Tetsuo Handa <>, Will Drewry <>, 
	Linux API <>
Subject: Re: Re: [RFC v1 00/17] seccomp-object: From attack
 surface reduction to sandboxing

On Thu, Mar 24, 2016 at 4:24 PM, Kees Cook <> wrote:
> On Wed, Mar 23, 2016 at 6:46 PM, Mickaël Salaün <> wrote:
>> Hi,
>> This series is a proof of concept (not ready for production) to extend seccomp
>> with the ability to check argument pointers of syscalls as kernel objects (e.g.
>> file path). This adds a needed feature to create a full sandbox managed by
>> userland like the Seatbelt/XNU Sandbox or the OpenBSD Pledge. It was initially
>> inspired by a partial seccomp-LSM prototype [1] but has evolved a lot since :)
> This is interesting! I'd really like to get argument inspection
> working. I'm going to spend some time examining this series more
> closely, but my initial reaction is that I'm suspicious of the ToCToU
> checking -- I'd rather there be no race at all. As for the bug-fixes,
> I'll get those pulled in now. Thanks!

Personally, I love the OpenBSD pledge() mechanism. It makes it so easy
to apply attack surface reduction. If seccomp moves closer to pledge,
that would be great.

See here:
