On 09/04/2015 11:50 PM, Andy Lutomirski wrote:
On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen
[...]
+static const struct bpf_func_proto * +seccomp_func_proto(enum bpf_func_id func_id) +{ + /* Right now seccomp eBPF loading doesn't support maps; seccomp filters + * are considered to be read-only after they're installed, so map fds + * probably need to be invalidated when a seccomp filter with maps is + * installed. + * + * The rest of these might be reasonable to call from seccomp, so we + * export them. + */ + switch (func_id) { + case BPF_FUNC_ktime_get_ns: + return &bpf_ktime_get_ns_proto; + case BPF_FUNC_trace_printk: + return bpf_get_trace_printk_proto(); + case BPF_FUNC_get_prandom_u32: + return &bpf_get_prandom_u32_proto;I don't think we should expose prandom to unprivileged userspace. This may be an attack vector.
Agreed, it should not be exposed for unpriv'ed users. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
