Re: [RFC PATCH v1 0/8] Introduce mseal() syscall

From: Linus Torvalds
Date: Tue Oct 17 2023 - 14:38:44 EST

Next message: Samuel Holland: "Re: [PATCH v3 -next 3/3] RISC-V: cacheflush: Initialize CBO variables on ACPI systems"
Previous message: Doug Anderson: "Re: [PATCH v3 5/5] r8152: Block future register access if register access fails"
In reply to: Theo de Raadt: "Re: [RFC PATCH v1 0/8] Introduce mseal() syscall"
Next in thread: Theo de Raadt: "Re: [RFC PATCH v1 0/8] Introduce mseal() syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 17 Oct 2023 at 11:20, Theo de Raadt <deraadt@xxxxxxxxxxx> wrote:
>
> The only case where the immutable marker is ignored is during address space
> teardown as a result of process termination.

.. and presumably also execve()?

I do like us starting with just "mimmutable()", since it already
exists. Particularly if chrome already knows how to use it.

Maybe add a flag field (require it to be zero initially) just to allow
any future expansion. Maybe the chrome team has *wanted* to have some
finer granularity thing and currently doesn't use mimmutable() in some
case?

Linus

Next message: Samuel Holland: "Re: [PATCH v3 -next 3/3] RISC-V: cacheflush: Initialize CBO variables on ACPI systems"
Previous message: Doug Anderson: "Re: [PATCH v3 5/5] r8152: Block future register access if register access fails"
In reply to: Theo de Raadt: "Re: [RFC PATCH v1 0/8] Introduce mseal() syscall"
Next in thread: Theo de Raadt: "Re: [RFC PATCH v1 0/8] Introduce mseal() syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]