[PATCH v2 2/3] arm64: Add seccomp support
Will Deacon
will.deacon at arm.com
Thu Mar 6 10:24:58 EST 2014
On Thu, Mar 06, 2014 at 02:34:46AM +0000, AKASHI Takahiro wrote:
> On 03/01/2014 02:20 AM, Will Deacon wrote:
> > On Tue, Feb 25, 2014 at 09:20:24AM +0000, AKASHI Takahiro wrote:
> > I'm slightly surprised that we do the secure computing check first. Doesn't
> > this allow a debugger to change the syscall to something else after we've
> > decided that it's ok?
>
> To be honest, I just followed other architectures' implementation.
> Can you elaborate any use case that you have in your mind?
My initial thought was that we should do the secure_computing check *after*
the debugger has finished messing around with the registers. However, I
suppose you'd have had to enable ptrace in your seccompd filter for that
scenario to occur, so there's probably not an issue here after all.
Will
More information about the linux-arm-kernel
mailing list