[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering
David Laight
David.Laight at ACULAB.COM
Sat May 14 01:29:27 EST 2011
> ... If you can be completely stateless its easier, but there's
> a reason that stacking security modules is hard. Serge has tried in
the
> past and both dhowells and casey schaufler are working on it right
now.
> Stacking is never as easy as it sounds :)
For a bad example of trying to allow alternate security models
look at NetBSD's kauth code :-)
NetBSD also had issues where some 'system call trace' code
was being used to (try to) apply security - unfortunately
it worked by looking at the user-space buffers on system
call entry - and a multithreaded program can easily arrange
to update them after the initial check!
For trace/event type activities this wouldn't really matter,
for security policy it does.
(I've not looked directly at these event points in linux)
David
More information about the Linuxppc-dev
mailing list