Date: Fri, 21 Jan 2005 13:39:03 -0500 (EST)
From: Rik van Riel
To: Chris Wright
cc: Ingo Molnar, Andrea Arcangeli, Andrew Morton, linux-kernel@vger.kernel.org
Subject: Re: seccomp for 2.6.11-rc1-bk8

On Fri, 21 Jan 2005, Chris Wright wrote:
> * Ingo Molnar (mingo@elte.hu) wrote:
>> why do you need any kernel code for this? This seems to be a limited
>> ptrace implementation: restricting untrusted userspace code to only be
>> able to exec read/write/sigreturn.
>
> Only difference is in number of context switches, and number of running
> processes (and perhaps ease of determining policy for which syscalls
> are allowed). Although it's not really seccomp, it's just restricted
> syscalls...

Yes, but do you care about the performance of syscalls which the
program isn't allowed to call at all? ;)

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan