Re: [patch] let CONFIG_SECCOMP default to n

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 13, 2006 at 12:19:11AM +0200, Ingo Molnar wrote:
> attacked ptrace, implicitly weakening the security perception of other 
> syscall filtering based projects like User Mode Linux. Now what we have 

Note that UML had a security weakness already that allowed to escape
the jail, see bugtraq. Infact his complexity is huge regardless of
ptrace, the security hole probably wasn't even ptrace related (I don't
remember the exact details).

I'm a big fun of UML and other userland virtualization project, my own
ex prof is working on a few of them. That doesn't mean I would use UML
as a jail myself for CPUShare.

In the last two years of existence of seccomp, there has never been a
single bug that could allow to escape the jail, infact there has never
been one that I know if you backtest seccomp. And this track record
will continue.

Even the kernel itself as a whole is less secure than the seccomp
jail, that doesn't mean I want to weaken the perception of anything.
It's a pure matter of probability, the higher the complexity and the
bigger is the size of the project in kernel space, the more likely
there can be bug that can lead to an exploit.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux