Fixing SECCOMP filter stacking

Chris Jones jones.chris.g at gmail.com
Wed Nov 26 16:37:48 PST 2014


On Wed, Nov 26, 2014 at 12:36 PM, Robert O'Callahan <robert at ocallahan.org>
wrote:

> The other way is to have rr choose a fixed address for the untraced
> syscall when we spawn the first tracee, and after every exec mmap a page at
> that address (whatever the architecture) and store an untraced-syscall code
> sequence in it. Then rr can set up a single SECCOMP when we spawn the first
> tracee.
>
>
That's analogous to how valgrind loads its in-process code; mapped to a
fixed address below the usual exe offset.  So in line with prior art.  I
wonder if we could even use the same trick: set some ELF header on
librrpreload.so to have it mapped at an analogous location.  That would
also let us turn off PIC, though that probably doesn't buy us anything
anymore.

Cheers,
Chris
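
The single-filter idea in the quoted proposal, as an added sketch that is not part of this thread or rr's own code: a seccomp-BPF program that allows a syscall only when it is issued from the fixed page and hands everything else to the tracer. The address `UNTRACED_IP`, the use of `SECCOMP_RET_TRACE` for all other syscalls, and the little-endian field layout are assumptions; the small interpreter exists only to check the filter's decisions offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumed: the IP the kernel reports for the syscall in the fixed page. */
#define UNTRACED_IP 0x70000002ULL
#define IP_LO ((uint32_t)offsetof(struct seccomp_data, instruction_pointer))
#define IP_HI (IP_LO + 4) /* little-endian layout assumed (x86) */

/* Classic BPF loads 32 bits at a time, so both halves of the IP are checked. */
static const struct sock_filter prog[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_LO),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)UNTRACED_IP, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, IP_HI),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)(UNTRACED_IP >> 32), 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* from the fixed page */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRACE), /* anywhere else */
};

/* Interpreter for the three opcodes used above (not a general BPF VM). */
static uint32_t run_filter(const struct sock_filter *f, size_t n,
                           const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS)) {
            if (f[pc].k > sizeof *d - sizeof acc) break; /* out of bounds */
            memcpy(&acc, (const char *)d + f[pc].k, sizeof acc);
        } else if (f[pc].code == (BPF_JMP | BPF_JEQ | BPF_K)) {
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
        } else if (f[pc].code == (BPF_RET | BPF_K)) {
            return f[pc].k;
        } else break;
    }
    return SECCOMP_RET_KILL; /* malformed program: fail closed */
}

uint32_t decide(uint64_t ip)
{
    struct seccomp_data d = { .nr = 0, .instruction_pointer = ip };
    return run_filter(prog, sizeof prog / sizeof prog[0], &d);
}

int main(void)
{
    printf("%#x %#x\n", decide(UNTRACED_IP), decide(0x400000));
    return 0;
}
```

Installing it for real would pass the array in a `struct sock_fprog` to `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)`; a production filter would normally also check the `arch` field before trusting the layout.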