[OE-core] pseudo: host user contamination

Andre McCurdy armccurdy at gmail.com
Sun Mar 25 02:43:41 UTC 2018


On Sat, Mar 24, 2018 at 5:09 PM, Victor Kamensky <kamensky at cisco.com> wrote:
> On Sat, 24 Mar 2018, Burton, Ross wrote:
>> On 24 March 2018 at 20:12, Victor Kamensky <kamensky at cisco.com> wrote:
>>>
>>> Here is another crazy idea how to deal with it, just
>>> brainstorming what options are on the table: disable
>>> renameat2 with help of seccomp and force coreutils to
>>> use other calls. Something along the lines that were
>>> suggested with the intercept of the syscall function call, but
>>> let the kernel do the interception work.
>>
>> Wow, that's impressively magic.  Does this depend on kernel options or
>> specific recent versions?

Yeah, it's impressive but perhaps overkill for this situation.

Having the kernel run a BPF script on every syscall is going to have a
much bigger performance impact than intercepting one specific libc
function in user space.

Also, AFAIK, seccomp can't be nested - so building within an
environment which has already been secured with seccomp (e.g. recent
versions of docker?) might be a problem if pseudo starts to rely on
seccomp too.
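
The seccomp idea discussed in this thread, as an added example that is not part of the original messages or of pseudo's code: a filter that makes renameat2 fail with ENOSYS while the older renameat call still reaches the kernel. The function names and the /tmp paths are constructed for illustration, and the filter assumes a single syscall ABI (no architecture check).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Fail renameat2 with ENOSYS, allow everything else. Assumption: one syscall
 * ABI; a production filter would also compare seccomp_data.arch first. */
static int deny_renameat2(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_renameat2, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* Unprivileged processes must set no_new_privs before loading a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Probe in a child: the filter cannot be removed, so it dies with the child.
 * Returns 0 if renameat2 was blocked and renameat was not, 1 if not, 2 if
 * the filter could not be installed, -1 on fork/wait failure. */
int probe_in_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_renameat2() != 0) _exit(2);
        /* Constructed paths that are not expected to exist. */
        long r = syscall(SYS_renameat2, AT_FDCWD, "/tmp/demo-missing-src", AT_FDCWD, "/tmp/demo-missing-dst", 0);
        int blocked = (r == -1 && errno == ENOSYS);
        int rc = renameat(AT_FDCWD, "/tmp/demo-missing-src", AT_FDCWD, "/tmp/demo-missing-dst");
        int fallback = (rc == -1 && errno != ENOSYS); /* reached the real syscall */
        _exit(blocked && fallback ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    int rc = probe_in_child();
    printf("probe result: %d (0 = renameat2 blocked, renameat still works)\n", rc);
    return rc;
}
```

The fallback check assumes a libc whose renameat() wrapper issues the renameat syscall, which holds on architectures that define it.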


