Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from... | netdev

[PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andy Lutomirski <luto@amacapital.net> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Markus Gutschke <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Lutomirski <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Markus Gutschke <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Lutomirski <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Markus Gutschke <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Will Drewry <wad@chromium.org> · 2012-04-10
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Lutomirski <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Jonathan Corbet <corbet@lwn.net> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Lutomirski <hidden> · 2012-04-06
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Michael Kerrisk (man-pages) <hidden> · 2012-04-11
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Michael Kerrisk (man-pages) <hidden> · 2012-04-12
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Andrew Lutomirski <hidden> · 2012-04-12
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Rob Landley <hidden> · 2012-04-16
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Rob Landley <hidden> · 2012-04-10
Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs · Will Drewry <wad@chromium.org> · 2012-04-10
[PATCH v17 05/15] seccomp: kill the seccomp_t typedef · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 06/15] arch/x86: add syscall_get_arch to syscall.h · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 11/15] signal, x86: add SIGSYS info and make it synchronous. · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 10/15] seccomp: add SECCOMP_RET_ERRNO · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 10/15] seccomp: add SECCOMP_RET_ERRNO · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 10/15] seccomp: add SECCOMP_RET_ERRNO · Will Drewry <wad@chromium.org> · 2012-04-09
[PATCH v17 09/15] seccomp: remove duplicated failure logging · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging · Will Drewry <wad@chromium.org> · 2012-04-09
Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging · Kees Cook <hidden> · 2012-04-09
Re: [kernel-hardening] Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging · Eric Paris <eparis@redhat.com> · 2012-04-09
Re: [kernel-hardening] Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging · Kees Cook <hidden> · 2012-04-09
[PATCH v17 08/15] seccomp: add system call filtering using BPF · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Vladimir Murzin <hidden> · 2012-03-31
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Will Drewry <wad@chromium.org> · 2012-03-31
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Kees Cook <hidden> · 2012-04-06
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · "H. Peter Anvin" <hpa@zytor.com> · 2012-04-06
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Indan Zupancic <hidden> · 2012-04-08
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Will Drewry <wad@chromium.org> · 2012-04-09
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · James Morris <jmorris@namei.org> · 2012-04-10
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Andrew Morton <akpm@linux-foundation.org> · 2012-04-10
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Will Drewry <wad@chromium.org> · 2012-04-10
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Eric Dumazet <hidden> · 2012-04-10
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Andrew Morton <akpm@linux-foundation.org> · 2012-04-10
Re: [PATCH v17 08/15] seccomp: add system call filtering using BPF · Will Drewry <wad@chromium.org> · 2012-04-10
[PATCH v17 15/15] Documentation: prctl/seccomp_filter · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Will Drewry <wad@chromium.org> · 2012-04-09
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Markus Gutschke <hidden> · 2012-04-09
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Ryan Ware <hidden> · 2012-04-09
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Will Drewry <wad@chromium.org> · 2012-04-09
Re: [PATCH v17 15/15] Documentation: prctl/seccomp_filter · Ryan Ware <hidden> · 2012-04-10
[PATCH v17 14/15] x86: Enable HAVE_ARCH_SECCOMP_FILTER · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 13/15] ptrace,seccomp: Add PTRACE_SECCOMP support · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 13/15] ptrace,seccomp: Add PTRACE_SECCOMP support · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 13/15] ptrace,seccomp: Add PTRACE_SECCOMP support · Will Drewry <wad@chromium.org> · 2012-04-09
[PATCH v17 12/15] seccomp: Add SECCOMP_RET_TRAP · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 07/15] asm/syscall.h: add syscall_get_arch · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 07/15] asm/syscall.h: add syscall_get_arch · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 07/15] asm/syscall.h: add syscall_get_arch · Will Drewry <wad@chromium.org> · 2012-04-09
[PATCH v17 04/15] net/compat.c,linux/filter.h: share compat_sock_fprog · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 03/15] sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W · Will Drewry <wad@chromium.org> · 2012-03-29
[PATCH v17 02/15] Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS · Will Drewry <wad@chromium.org> · 2012-03-29
Re: [PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering · James Morris <jmorris@namei.org> · 2012-03-29
Re: [PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering · Andrew Morton <akpm@linux-foundation.org> · 2012-04-06
Re: [PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering · James Morris <jmorris@namei.org> · 2012-04-09

Re: [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs

From: Andrew Morton <hidden>
Date: 2012-04-06 19:55:24
Also in: linux-arch, linux-man, lkml

On Thu, 29 Mar 2012 15:01:46 -0500
Will Drewry [off-list ref] wrote:

From: Andy Lutomirski <redacted>

With this set, a lot of dangerous operations (chroot, unshare, etc)
become a lot less dangerous because there is no possibility of
subverting privileged binaries.

The changelog doesn't explain the semantics of the new syscall. 
There's a comment way-down-there which I guess suffices, if you hunt
for it.

And the changelog doesn't explain why this is being added.  Presumably
seccomp_filter wants/needs this feature but whowhatwherewhenwhy?  Spell
it all out, please.

The new syscall mode will be documented in the prctl manpage.  Please
cc linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org and work with Michael on getting this
done?

...

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help