News: 0000830504


Cook: Security things in Linux v5.6

([Kernel] Sep 3, 2020 14:20 UTC (Thu) (corbet))


Kees Cook [1] catches up with the security-relevant changes in the 5.6 kernel release. "With my 'attack surface reduction' hat on, I remain personally suspicious of the io_uring() family of APIs, but I can’t deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORING_OP_OPENAT command so that existing io_urings can open files to be added on the fly to the mapping of available read/write targets of a given io_uring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that io_uring is becoming."



[1] https://outflux.net/blog/archives/2020/09/02/security-things-in-linux-v5-6/