[PATCH] seccomp: Add pkru into seccomp_data
Kees Cook
keescook at chromium.org
Tue Oct 30 09:01:14 AEDT 2018
On Thu, Oct 25, 2018 at 5:49 PM, Andy Lutomirski <luto at amacapital.net> wrote:
>> On Oct 25, 2018, at 5:35 PM, Kees Cook <keescook at chromium.org> wrote:
>>
>>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski <luto at amacapital.net> wrote:
>>> You could bite the bullet and add seccomp eBPF support :)
>>
>> I'm not convinced this is a good enough reason for gaining the eBPF
>> attack surface yet.
>
> Is it an interesting attack surface? It’s certainly scarier if you’re worried about attacks from the sandbox creator, but the security inside the sandbox should be more or less equivalent, no?
Yeah, I'm more worried about the creator: I don't want kernel exploits
via seccomp APIs. :P There have been kind of a long list of
eBPF-related flaws, so I'd really rather not tie seccomp to it. As for
sandbox escapes, I don't think there's too much concern, but I do
worry about "unexpected" situations exposed by eBPF (i.e. maps or
functions not doing what was expected, or allowing map manipulation
from outside). seccomp cBPF is pretty self-contained right now, so I'd
like a strong reason to justify the increase in code complexity and
related attack surface.
--
Kees Cook
More information about the Linuxppc-dev
mailing list