Deep argument inspection for seccomp

Posted Sep 18, 2019 23:29 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)
Parent article: Deep argument inspection for seccomp

Come to think about it, what if there's a generic layer in front of syscalls/ioctls that would copy the arguments from userspace and marshall them into nice eBPF-friendly structures with type information. And then simply route them across the layers.

Some syscalls like clone3() are already doing the right thing, so for them it'd be a trivial wrapper. For other syscalls custom code will have to be written.

This can also be done incrementally. I doubt sandboxes care much about arguments for vm86 syscall, they would just filter it out entirely.

Deep argument inspection for seccomp

Posted Sep 19, 2019 12:16 UTC (Thu) by gnoack (subscriber, #131611) [Link]

My understanding was that this was discussed (and dismissed as too difficult) in the two paragraphs in the article starting with "Yet another idea would be to have system calls declare their argument types more completely so that the parsing of the arguments and, if needed, conversion to kernel objects could be done early in the system call path."?