[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering

(off-list ancestor, not in this archive)
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Kees Cook <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-19
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-29
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Thomas Gleixner <hidden> · 2011-05-25
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-24
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · David Laight <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system callfiltering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · peterz@infradead.org (Peter Zijlstra) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · eparis@redhat.com (Eric Paris) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-17
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Pavel Machek <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-26
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Frederic Weisbecker <hidden> · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · jmorris@namei.org (James Morris) · 2011-05-12
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-13
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-14
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · arnd@arndb.de (Arnd Bergmann) · 2011-05-15
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · Ingo Molnar <hidden> · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · rostedt@goodmis.org (Steven Rostedt) · 2011-05-16
[PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering · wad@chromium.org (Will Drewry) · 2011-05-16

STALE5469d

From: jmorris@namei.org (James Morris)
Date: 2011-05-13 00:18:52
Also in: linux-mips, linuxppc-dev

On Thu, 12 May 2011, Ingo Molnar wrote:

Funnily enough, back then you wrote this:

  " I'm concerned that we're seeing yet another security scheme being designed on 
    the fly, without a well-formed threat model, and without taking into account 
    lessons learned from the seemingly endless parade of similar, failed schemes. "

so when and how did your opinion of this scheme turn from it being an "endless 
parade of failed schemes" to it being a "well-defined and readily 
understandable feature"? :-)

When it was defined in a way which limited its purpose to reducing the 
attack surface of the sycall interface.


- James
-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help