|
|
Subscribe / Log in / New account

OpenBSD system-call-origin verification

OpenBSD system-call-origin verification

Posted Dec 12, 2019 11:47 UTC (Thu) by dvdeug (guest, #10998)
In reply to: OpenBSD system-call-origin verification by Cyberax
Parent article: OpenBSD system-call-origin verification

It works, though. POSIX promises a C API, not a kernel ABI or API, and the kernel changing the syscall breaks the kernel's ABI. Go can do the same thing libc does and abstract away the problem; it's always the job of high-level languages to smooth over the raw low-level details.

to post comments

OpenBSD system-call-origin verification

Posted Dec 12, 2019 22:39 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

It's trivially easy to implement the process-global setuid() in the kernel, instead of using racy signal-based implementation. Keeping around crap code like this simply adds to the technical debt and is stifling innovation (like Go is trying to do).

OpenBSD system-call-origin verification

Posted Dec 14, 2019 17:53 UTC (Sat) by luto (guest, #39314) [Link]

It’s not trivial. Looping over all threads is straightforward. Changing the uid of a running thread is not (that thread might be busy reading its own uid or, worse, changing its creds). Defining what happens if you run out of memory part way through is not trivial. Dealing with races against clone() is not trivial.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds