[OE-core] pseudo: host user contamination
Victor Kamensky
kamensky at cisco.com
Sun Mar 25 00:09:31 UTC 2018
On Sat, 24 Mar 2018, Burton, Ross wrote:
> On 24 March 2018 at 20:12, Victor Kamensky <kamensky at cisco.com> wrote:
>> Here is another crazy idea how to deal with it, just
>> brainstorming what options are on the table: disable
>> renameat2 with help of seccomp and force coreutils to
>> use other calls. Something along the lines that were
>> suggested with intercept of syscall function call, but
>> let kernel to do interception work.
>
> Wow, that's impressively magic. Does this depend on kernel options or
> specific recent versions?
Not very recent, but relatively mordern. As far as I read
kernel code seccomp syscall BPF filtering [1] was introduced
in 2012 in 3.5 kernel by chromium project guys.
It is controlled by CONFIG_SECCOMP_FILTER which depends on
HAVE_ARCH_SECCOMP_FILTER that all major CPU architectures
do support by now. And I think CONFIG_SECCOMP_FILTER should
be set for all major cases - AFAIK chrome browser uses it
as one of its sandboxing mechanisms.
But you are right, if any code would use it, it needs to
check whether usable seccomp syscall filtering is present
on the system.
[1] https://github.com/torvalds/linux/blob/master/Documentation/userspace-api/seccomp_filter.rst
Thanks,
Victor
> Ross
>
More information about the Openembedded-core
mailing list