Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF

From: Steven Rostedt
Date: Thu Jan 12 2012 - 10:43:38 EST

Next message: Eric Dumazet: "Re: bnx2-mips-09-6.2.1.b still missing"
Previous message: Felipe Contreras: "Re: [PATCH v2] usb: musb: fix pm_runtime mismatch"
In reply to: Will Drewry: "Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF"
Next in thread: Andrew Lutomirski: "Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2012-01-11 at 11:25 -0600, Will Drewry wrote:

> Filter programs may _only_ cross the execve(2) barrier if last filter
> program was attached by a task with CAP_SYS_ADMIN capabilities in its
> user namespace. Once a task-local filter program is attached from a
> process without privileges, execve will fail. This ensures that only
> privileged parent task can affect its privileged children (e.g., setuid
> binary).

This means that a non privileged user can not run another program with
limited features? How would a process exec another program and filter
it? I would assume that the filter would need to be attached first and
then the execv() would be performed. But after the filter is attached,
the execv is prevented?

Maybe I don't understand this correctly.

-- Steve

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric Dumazet: "Re: bnx2-mips-09-6.2.1.b still missing"
Previous message: Felipe Contreras: "Re: [PATCH v2] usb: musb: fix pm_runtime mismatch"
In reply to: Will Drewry: "Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF"
Next in thread: Andrew Lutomirski: "Re: [RFC,PATCH 1/2] seccomp_filters: system call filtering using BPF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]