[PATCH] ARM: SECCOMP support

Russell King - ARM Linux linux at arm.linux.org.uk
Sat Sep 25 14:58:05 EDT 2010


On Sat, Sep 25, 2010 at 12:31:07PM -0400, Nicolas Pitre wrote:
> Well, for one thing, the syscall tracing has the ability to change the 
> actual syscall number.  So this looked like a possible hole that could 
> somehow be exploited to escape the seccomp control.  So I went with the 
> safest way.

That is also true for x86 - the seccomp test on x86 is done first,
before the syscall entry trap.



More information about the linux-arm-kernel mailing list