One Thousand Gnomes writes:
> On Wed, 30 Jul 2014 11:41:41 -0700
> ebied...@xmission.com (Eric W. Biederman) wrote:
>
>> One Thousand Gnomes writes:
>>
>> >> Andy you seem to be arguing here for two system calls.
>> >> get_urandom() and get_random().
>> >>
>> >> Where get_urandom only blocks i
On Wed, 30 Jul 2014 11:41:41 -0700
ebied...@xmission.com (Eric W. Biederman) wrote:
> One Thousand Gnomes writes:
>
> >> Andy you seem to be arguing here for two system calls.
> >> get_urandom() and get_random().
> >>
> >> Where get_urandom only blocks if there is not enough starting entropy,
>
One Thousand Gnomes writes:
>> Andy you seem to be arguing here for two system calls.
>> get_urandom() and get_random().
>>
>> Where get_urandom only blocks if there is not enough starting entropy,
>> and get_random(GRND_RANDOM) blocks if there is currently not enough
>> entropy.
>>
>> That wou
> > We sort of have one. It's called capable(). Just needs extending to cover
> > anything else you care about, and probably all the numeric constants
> > replacing with textual names.
> >
>
> Except that it's all backwards: these are things that default to *on*,
> and people might want them to tu
> Andy you seem to be arguing here for two system calls.
> get_urandom() and get_random().
>
> Where get_urandom only blocks if there is not enough starting entropy,
> and get_random(GRND_RANDOM) blocks if there is currently not enough
> entropy.
>
> That would allow -ENOSYS to be the right retur
Andy Lutomirski writes:
> On Jul 27, 2014 5:06 PM, "Theodore Ts'o" wrote:
>>
>> On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
>> >
>> > There is recent interest in having a way to turn generally-available
>> > kernel features off. Maybe we should add a good one so we can stop
On Jul 27, 2014 5:06 PM, "Theodore Ts'o" wrote:
>
> On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
> >
> > There is recent interest in having a way to turn generally-available
> > kernel features off. Maybe we should add a good one so we can stop
> > bikeshedding and avoid proli
On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
>
> There is recent interest in having a way to turn generally-available
> kernel features off. Maybe we should add a good one so we can stop
> bikeshedding and avoid proliferating dumb interfaces.
I believe the seccomp infrastruct
On Fri, Jul 25, 2014 at 7:30 PM, Andy Lutomirski wrote:
> [new thread because this sort of combines two threads]
>
> There is recent interest in having a way to turn generally-available
> kernel features off. Maybe we should add a good one so we can stop
> bikeshedding and avoid proliferating dum
Andy Lutomirski writes:
> On Fri, Jul 25, 2014 at 2:35 PM, One Thousand Gnomes
> wrote:
>> On Fri, 25 Jul 2014 11:30:48 -0700
>> Andy Lutomirski wrote:
>>
>>> [new thread because this sort of combines two threads]
>>>
>>> There is recent interest in having a way to turn generally-available
>>>
On Fri, Jul 25, 2014 at 4:43 PM, H. Peter Anvin wrote:
> On 07/25/2014 11:30 AM, Andy Lutomirski wrote:
>> - 32-bit GDT code segments [huge attack surface]
>> - 64-bit GDT code segments [probably pointless]
>
> I presume you mean s/GDT/LDT/.
>
> We already don't allow 64-bit LDT code segme
On 07/25/2014 11:30 AM, Andy Lutomirski wrote:
> - 32-bit GDT code segments [huge attack surface]
> - 64-bit GDT code segments [probably pointless]
I presume you mean s/GDT/LDT/.
We already don't allow 64-bit LDT code segments. Also, it is unclear to
me how 32-bit LDT segments have a hug
On Fri, Jul 25, 2014 at 2:35 PM, One Thousand Gnomes
wrote:
> On Fri, 25 Jul 2014 11:30:48 -0700
> Andy Lutomirski wrote:
>
>> [new thread because this sort of combines two threads]
>>
>> There is recent interest in having a way to turn generally-available
>> kernel features off. Maybe we should
On Fri, 25 Jul 2014 11:30:48 -0700
Andy Lutomirski wrote:
> [new thread because this sort of combines two threads]
>
> There is recent interest in having a way to turn generally-available
> kernel features off. Maybe we should add a good one so we can stop
> bikeshedding and avoid proliferating
On Fri, Jul 25, 2014 at 1:15 PM, Dave Jones wrote:
> On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
>
> > There is recent interest in having a way to turn generally-available
> > kernel features off. Maybe we should add a good one so we can stop
> > bikeshedding and avoid pro
On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote:
> There is recent interest in having a way to turn generally-available
> kernel features off. Maybe we should add a good one so we can stop
> bikeshedding and avoid proliferating dumb interfaces.
>
> Things that might want to
[new thread because this sort of combines two threads]
There is recent interest in having a way to turn generally-available
kernel features off. Maybe we should add a good one so we can stop
bikeshedding and avoid proliferating dumb interfaces.
Things that might want to be turn-off-able include:
17 matches
Mail list logo
