News: 0000830504

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Cook: Security things in Linux v5.6

([Kernel] Sep 3, 2020 14:20 UTC (Thu) (corbet))


Kees Cook [1]catches up with the security-relevant changes in the 5.6 kernel release. " With my 'attack surface reduction' hat on, I remain personally suspicious of the io_uring() family of APIs, but I can’t deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORING_OP_OPENAT command so that existing io_urings can open files to be added on the fly to the mapping of available read/write targets of a given io_uring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that io_uring is becoming. "



[1] https://outflux.net/blog/archives/2020/09/02/security-things-in-linux-v5-6/

Underdogging:
The tendency to almost invariably side with the underdog in a
given situation. The consumer expression of this trait is the
purchasing of less successful, "sad," or failing products: "I know
these Vienna franks are heart failure on a stick, but they were so sad
looking up against all the other yuppie food items that I just had to
buy them."
-- Douglas Coupland, "Generation X: Tales for an Accelerated
Culture"