Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-29 Thread Kees Cook
On Thu, Oct 25, 2018 at 5:49 PM, Andy Lutomirski wrote: >> On Oct 25, 2018, at 5:35 PM, Kees Cook wrote: >> >>> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski >>> wrote: >>> You could bite the bullet and add seccomp eBPF support :) >> >> I'm not convinced this is a good enough reason for gai

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Ram Pai
On Thu, Oct 25, 2018 at 11:12:25AM +0200, Florian Weimer wrote: > * Michael Sammler: > > > Thank you for the pointer about the POWER implementation. I am not > > familiar with POWER in general and its protection key feature at > > all. Would the AMR register be the correct register to expose here?

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Andy Lutomirski
> On Oct 25, 2018, at 5:35 PM, Kees Cook wrote: > >> On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski >> wrote: >> You could bite the bullet and add seccomp eBPF support :) > > I'm not convinced this is a good enough reason for gaining the eBPF > attack surface yet. > > Is it an interes

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Kees Cook
On Fri, Oct 26, 2018 at 12:00 AM, Andy Lutomirski wrote: > You could bite the bullet and add seccomp eBPF support :) I'm not convinced this is a good enough reason for gaining the eBPF attack surface yet. -Kees -- Kees Cook

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Andy Lutomirski
On Thu, Oct 25, 2018 at 9:42 AM Michael Sammler wrote: > > On 10/25/2018 11:12 AM, Florian Weimer wrote: > >> I understand your concern about exposing the number of protection keys > >> in the ABI. One idea would be to state that the pkru field (which > >> should probably be renamed) contains an

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Michael Sammler
On 10/25/2018 11:12 AM, Florian Weimer wrote: I understand your concern about exposing the number of protection keys in the ABI. One idea would be to state that the pkru field (which should probably be renamed) contains an architecture-specific value, which could then be the PKRU on x86 and AMR

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Michael Sammler
On 10/24/2018 08:06 PM, Florian Weimer wrote: * Michael Sammler: Add the current value of the PKRU register to data available for seccomp-bpf programs to work on. This allows filters based on the currently enabled protection keys. diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-25 Thread Florian Weimer
* Michael Sammler: > Thank you for the pointer about the POWER implementation. I am not > familiar with POWER in general and its protection key feature at > all. Would the AMR register be the correct register to expose here? Yes, according to my notes, the register is called AMR (special purpose

Re: [PATCH] seccomp: Add pkru into seccomp_data

2018-10-24 Thread Florian Weimer
* Michael Sammler: > Add the current value of the PKRU register to data available for > seccomp-bpf programs to work on. This allows filters based on the > currently enabled protection keys. > diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h > index 9efc0e73..e8b9ecfc 1006