This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH RFC] Add support for linux memfd_create syscall

On 11/21/2014 07:41 PM, Carlos O'Donell wrote:
My kernel patches already had man-pages included. I'm currently
talking with Michael Kerrisk to get them upstream. I will try to
include something for llio.texi in v2.

Thank you. Anything would be better than nothing.

Specifically, for sealing support, we should provide a sequence of system calls by which senders and receivers can cooperate to make sure that the receiver cannot run into the denial-of-service issues usually associated with mapping files across trust boundaries (i.e., the sender prepares the magic descriptor, and the receiver checks that the preparation has been done properly). If the kernel is not willing to make such a commitment, this functionality should go into a separate library, and glibc should probably not expose the sealing functionality.

(memfd_create is useful in its own right to create aliasable mappings, though.)

Florian Weimer / Red Hat Product Security

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]