ARM audit, seccomp, etc are broken wrt OABI syscalls

Kees Cook keescook at chromium.org
Thu Nov 7 12:54:09 EST 2013


On Thu, Nov 7, 2013 at 4:55 AM, Henrique de Moraes Holschuh
<hmh at hmh.eng.br> wrote:
> On Tue, 05 Nov 2013, Andy Lutomirski wrote:
>> Maybe the thing to do is to put a warning in the config text for
>> CONFIG_OABI_COMPAT that describes the problems (malicious userspace
>> can confuse syscall auditors, strace, etc.), change the "if in doubt"
>> part to N, and disable seccomp filters if CONFIG_OABI_COMPAT.  That
>> might even get Debian to change their default.
>
> Bug reported to the Debian BTS: #728975
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728975

FWIW, Ubuntu has also now disabled OABI_COMPAT going forward:
https://lists.ubuntu.com/archives/kernel-team/2013-November/034242.html

-Kees

-- 
Kees Cook
Chrome OS Security
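
Added example, not part of this message or the thread: a shell check that reports whether a kernel config enables CONFIG_OABI_COMPAT together with the syscall-inspecting features the thread names. The symbols CONFIG_SECCOMP_FILTER and CONFIG_AUDITSYSCALL are the standard Kconfig names for seccomp filters and syscall auditing and are assumptions here, as are the function names and the constructed sample config.

```shell
#!/bin/sh
# Flag kernel configs where OABI compat coexists with features that
# inspect syscall numbers/arguments (seccomp filters, syscall audit).
# Typical inputs: /boot/config-$(uname -r), or the output of
# `zcat /proc/config.gz` saved to a file.

# kconfig_on FILE SYMBOL -> exit 0 only if SYMBOL is set to y or m.
# A "# SYMBOL is not set" line, or no line at all, counts as off.
kconfig_on() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# oabi_verdict FILE -> prints one of:
#   ok                   OABI compat is off
#   oabi-only            OABI compat on, no inspecting feature enabled
#   at-risk: SYM [SYM]   OABI compat on together with the listed features
oabi_verdict() {
    cfg=$1
    if ! kconfig_on "$cfg" CONFIG_OABI_COMPAT; then
        echo ok
        return 0
    fi
    hits=""
    for sym in CONFIG_SECCOMP_FILTER CONFIG_AUDITSYSCALL; do
        if kconfig_on "$cfg" "$sym"; then
            hits="$hits $sym"
        fi
    done
    if [ -n "$hits" ]; then
        echo "at-risk:$hits"
    else
        echo oabi-only
    fi
}

# Constructed sample config fragment (not taken from any real distribution).
sample_config() {
    cat <<'EOF'
CONFIG_AEABI=y
CONFIG_OABI_COMPAT=y
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
EOF
}

# When given a path, report on that config file.
if [ -n "${1:-}" ]; then
    oabi_verdict "$1"
fi
```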



More information about the linux-arm-kernel mailing list