Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp765696imm;
        Wed, 17 Oct 2018 08:01:45 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63g4ACGH7CZghxPM+uYKX8Kz/HbHtRZV8QppUDf/kYVNZDbVzWk3lJ+RAr3jSOX9n9utsAh
X-Received: by 2002:a63:c40c:: with SMTP id h12-v6mr12944760pgd.298.1539788505180;
        Wed, 17 Oct 2018 08:01:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539788505; cv=none;
        d=google.com; s=arc-20160816;
        b=f6TaXGfKxB3Y0C3UEt9p4Z3SBgTsDp3FUZIAsKY3EH/esCCzPpajNUpAf9x1+AxU8R
         M4wuf482Nqy8qmTlu1JrPaMh08iS69hWI+4z+8xBk8xKgqgVcouxEA45JGVnsbztCpdq
         KVPywePEmm9Q08iFXhrL13ZYY/LreIrw59Dq3/5ZenOGPQhzKo3nmKw+ENjabT7e41M3
         M3U1LwcwczCx8Hn0jKN4IUZUTdVQq8zoFdE7CfulXg6GUu4JmmZur/9OA7dKx8Cdnvok
         Bt62Ei6YcdYhWVs0r0quqOXXPMxiF1J/DE3Gk0HBZJ9rffTVBd76Be5Bmsq4AJUZK9YU
         II/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=+w4uT5M8XVFGHMdg7etMkPkGeFLqeczrwzOvfjem6lk=;
        b=y6N4FoSZ88NcqpvQ9scWLziR1ceLTrLVLSUvQ56HcGwzVuEDhGwzib51H/TKvsO93o
         b0OhGteNlxI8t8NU2LtgxJ5s2kw1B3TPsifQopUHXplHvCyBpJ2s8OXsuCxUFcIX3Pjy
         65NId2rbXTsslBA1xh+sxrpzk5cduk6YxUpUwO+H2Td0CNcSfDb0UFd/X8YPI/64iTSt
         aiqIM8f1436xw1uuIMRDlex9oBDdWU6uNiG0eCW1jdshNT5ApL3oEoPtcjOZEEXQTbnp
         QhDzcbRXSqyjcyMHcEmnA1L0D28F5+4jY1W/al/PZXZ+VSzF6K5s8oPmhCW4Bs+tOfaE
         P9iQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b="Q/lRJout";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y136-v6si20448530pfg.52.2018.10.17.08.01.29;
        Wed, 17 Oct 2018 08:01:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b="Q/lRJout";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727857AbeJQW4b (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Wed, 17 Oct 2018 18:56:31 -0400
Received: from mail-io1-f66.google.com ([209.85.166.66]:44158 "EHLO
        mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727014AbeJQW4b (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Oct 2018 18:56:31 -0400
Received: by mail-io1-f66.google.com with SMTP id s6-v6so8366516ioa.11
        for <linux-kernel@vger.kernel.org>; Wed, 17 Oct 2018 08:00:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=tycho-ws.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=+w4uT5M8XVFGHMdg7etMkPkGeFLqeczrwzOvfjem6lk=;
        b=Q/lRJoutlLlmjy0pJ6pvEEgqRgZIkr2eiqBYr4KpVwIuUXhtwujUOPrB/U2pMZpHaO
         P0DZI92LNlVgwdyxTTpYGAbwiAKWQgsm6ynNoBx4jb7xSDzRv8L2A0pKNNe/xXwW9hmn
         ndqC6jT1fpEMrYYZlyTUrVnKq9gGr9oYxukxqiqrkykCa8PB8JoSFMwDi3KZyfXc4CvQ
         SRxL3vaGY0HevinBdEv85Ntv0RoMP8wJAZ2Mlb/WSkEqnBm0ZBdxXEbpRrVR5W+8t8KY
         eEgXTGhX256JyPmjIy/f3Mj/TgLzJkUz9tW/9od/90OIgdAQnoL7agHdvMTmXZvvNI23
         bQfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=+w4uT5M8XVFGHMdg7etMkPkGeFLqeczrwzOvfjem6lk=;
        b=XKjprXQL8xx098f6QgnS57g3c1Fye7bmHJxidM3SLVicxbL/nBHbWG7fg/cW5P2Vtt
         nvfT7so38BJnfjB+ABRQdg6uo3dC1ZS7O5mL4eG1WEDK7PF8hfX86bo980CTB4iOET2o
         v5iCfnvNbAhnSAXX4cQzOxfNd37rwzZfZLgPiNhXTSZR3d1Fj6clu5xhXkzkKAT/qieO
         UlD08T4op7RbklIT/+YHfloN92LbqZV7zbiq6I0kzQUePmLYLfe7Mb6Kbb+JpJTzmT9A
         CiptJyNKCRhwr63mtUCElfmzqAqWM2AlKWzDyvss8qPT+qVFKziD9uMfEgRmCpEsIYnl
         VItg==
X-Gm-Message-State: ABuFfohOuKTv2BzeV6z9z23BtUONGXTJ91TJ+msEKj6xsG3maGzRQnS0
        K3bQGwSSWKWe/SkNrnZ6G/QLSg==
X-Received: by 2002:a6b:cc02:: with SMTP id c2-v6mr15756223iog.180.1539788424969;
        Wed, 17 Oct 2018 08:00:24 -0700 (PDT)
Received: from cisco (174-16-200-171.hlrn.qwest.net. [174.16.200.171])
        by smtp.gmail.com with ESMTPSA id p136-v6sm1057627itb.37.2018.10.17.08.00.22
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 17 Oct 2018 08:00:23 -0700 (PDT)
Date:   Wed, 17 Oct 2018 09:00:22 -0600
From:   Tycho Andersen <tycho@tycho.ws>
To:     Michael Tirado <mtirado418@gmail.com>
Cc:     Andy Lutomirski <luto@amacapital.net>,
        LKML <linux-kernel@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH v6 3/5] seccomp: add a way to get a listener fd from
 ptrace
Message-ID: <20181017150022.GA7544@cisco>
References: <20180906152859.7810-1-tycho@tycho.ws>
 <20180906152859.7810-4-tycho@tycho.ws>
 <CALCETrXGBZyqDb7DEysHmOkxaBrXUp4s2X08HfqZkpjM28s3Hg@mail.gmail.com>
 <CAMkWEXNN2_saQN-yQ7Pwgau1YTYQQuih+KLnKj5-cOYa6CyMPw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAMkWEXNN2_saQN-yQ7Pwgau1YTYQQuih+KLnKj5-cOYa6CyMPw@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 17, 2018 at 07:25:00AM +0000, Michael Tirado wrote:
> On Thu, Sep 13, 2018 at 12:02 AM Andy Lutomirski <luto@amacapital.net> wrote:
> >
> > Or we could have a
> > seccomp() mode that adds a filter but only kicks in after execve().
> >
> > --Andy
> 
> Hey that's a pretty good idea, then we could block execve in a seccomp
> launcher without post-exec cooperation, or that patch I wrote that used
> an execve counter which probably should have been through prctl instead.
> 
> As for the rest of this long thread,
> has anyone mentioned a specific use case that I missed? I didn't see code
> patches sent to the linux-kernel mailing list, only this discussion thread
> so I'm probably missing some important context.  Was it for loading modules
> into kernel from a container?  Couldn't that be handled completely in user
> space without using seccomp at all? Do we really want to turn seccomp into
> a container IPC mechanism? It seems out of scope IMO, and especially
> if it could be handled in user space already.

That's one of the use cases, but there are a large number of others. I
discuss a few in patch 1:
https://www.spinics.net/lists/linux-containers/msg33956.html

> Why does it have to be a file descriptor, what would you be writing back to?
> Could waitid be used somehow instead of ptrace to get notification
> from a filter?

You can already do this with SECCOMP_RET_TRACE. Of course, that means
the task has to be traced, and avoiding that is the point of this
series.

> tldr, can someone kindly tell me how to find all the details surrounding these
> patches so I can stop making really bad guesses?

FWIW, I'm dropping the ptrace bits (and the fd passing bits) from the
next version, because they seem fairly controversial. So this will be
going away.

Tycho