On Wed 2018-01-24 20:46:22, Alan Cox wrote: > > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A, > > leaking info between them should not be a big deal. You can probably > > find existing macros doing neccessary checks. > > Until one of them is security managed so it shouldn't be able to ptrace > the other, or (and this is the nasty one) when a process is executing > code it wants to protect from the rest of the same process (eg an > untrusted jvm, javascript or probably nastiest of all webassembly) > > We don't need a prctl for trusted/untrusted IMHO but we do eventually > need to think about API's for "this lot is me but I don't trust > it" (flatpack, docker, etc) and for what JIT engines need to do.
Agreed.
And yes, JITs are interesting, and given the latest
rowhammer/sidechannel attacks, something we may want to limit in
future...
It sounds nice on paper but is just risky.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
