LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

seccomp.2: Switch to "considerate language" 

Thanks-to: https://twitter.com/expensivestevie
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2019-10-28 12:40:36 +01:00
parent 16853a31ee
commit 462ce23d49
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
man2/seccomp.2
View File

@ -309,13 +309,13 @@ it is usually necessary to verify the value of the
.IR arch
field.
.PP
It is strongly recommended to use a whitelisting approach whenever
It is strongly recommended to use an allow-list approach whenever
possible because such an approach is more robust and simple.
A blacklist will have to be updated whenever a potentially
A deny-list will have to be updated whenever a potentially
dangerous system call is added (or a dangerous flag or option if those
are blacklisted), and it is often possible to alter the
are deny-listed), and it is often possible to alter the
representation of a value without altering its meaning, leading to
a blacklist bypass.
a deny-list bypass.
See also
.IR Caveats
below.
@ -343,7 +343,7 @@ is used on the system call number to tell the two ABIs apart.
.\" so that the syscall table indexing still works.
.PP
This means that in order to create a seccomp-based
blacklist for system calls performed through the x86-64 ABI,
deny-list for system calls performed through the x86-64 ABI,
it is necessary to not only check that
.IR arch
equals
@ -369,7 +369,7 @@ system calls to prevent the program from subverting such checks.)
.PP
When checking values from
.IR args
against a blacklist, keep in mind that arguments are often
against a deny-list, keep in mind that arguments are often
silently truncated before being processed, but after the seccomp check.
For example, this happens if the i386 ABI is used on an
x86-64 kernel: although the kernel will normally not look beyond
@ -1047,7 +1047,7 @@ install_filter(int syscall_nr, int t_arch, int f_errno)
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* [3] Check ABI - only needed for x86-64 in blacklist use
/* [3] Check ABI - only needed for x86-64 in deny-list use
cases. Use BPF_JGT instead of checking against the bit
mask to avoid having to reload the syscall number. */
BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, upper_nr_limit, 3, 0),