On Thu, 24 May 2012, Will Drewry wrote:

> As is, the biggest benefit of this change is just setting consistent
> expectations in what the ptrace/seccomp interactions should be. The
> current ability for ptrace to "bypass" secure computing (by remapping
> allowed system calls) is not necessarily a problem, but it is not
> necessarily intuitive behavior.

Indeed -- while the purpose of seccomp is to reduce the attack surface of the syscall interface, if a user allows ptrace, attackers will definitely see that as an attack vector, if it allows them to increase that attack surface.

It at least needs to be well-documented.

--
James Morris <jmorris@xxxxxxxxx>