This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH RFC] Add support for linux memfd_create syscall
- From: Florian Weimer <fweimer at redhat dot com>
- To: "Carlos O'Donell" <carlos at redhat dot com>, David Herrmann <dh dot herrmann at gmail dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 24 Nov 2014 18:02:56 +0100
- Subject: Re: [PATCH RFC] Add support for linux memfd_create syscall
- Authentication-results: sourceware.org; auth=none
- References: <1413537694-30556-1-git-send-email-dh dot herrmann at gmail dot com> <546F808C dot 1070801 at redhat dot com> <CANq1E4SU0sJ8m--rFXUja=p5AzNVJEu1ApcqhpQv1ntwNrmdwQ at mail dot gmail dot com> <546F8776 dot 2030802 at redhat dot com>
On 11/21/2014 07:41 PM, Carlos O'Donell wrote:
My kernel patches already had man-pages included. I'm currently
talking with Michael Kerrisk to get them upstream. I will try to
include something for llio.texi in v2.
Thank you. Anything would be better than nothing.
Specifically, for sealing support, we should provide a sequence of
system calls by which senders and receivers can cooperate to make sure
that the receiver cannot run into the denial-of-service issues usually
associated with mapping files across trust boundaries (i.e., the sender
prepares the magic descriptor, and the receiver checks that the
preparation has been done properly). If the kernel is not willing to
make such a commitment, this functionality should go into a separate
library, and glibc should probably not expose the sealing functionality.
(memfd_create is useful in its own right to create aliasable mappings,
though.)
--
Florian Weimer / Red Hat Product Security