[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of
From: |
Philipp Stephani |
Subject: |
Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073) |
Date: |
Tue, 25 Jan 2022 21:09:24 +0100 |
> Am 24.01.2022 um 16:00 schrieb Eli Zaretskii <eliz@gnu.org>:
>
>> From: Lars Ingebrigtsen <larsi@gnus.org>
>> Date: Mon, 24 Jan 2022 15:38:24 +0100
>> Cc: Po Lu <luangruo@yahoo.com>, phst@google.com, p.stephani2@gmail.com,
>> emacs-devel@gnu.org
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>>
>>>> It apparently leads to crashes when Emacs is run under seccomp with a
>>>> recent glibc version.
>>>
>>> That can happen any day, if glibc folks make some change we didn't
>>> know about. We cannot chase glibc development forever, we will never
>>> succeed catching up with them, certainly not in the long run.
>>
>> But this is a known glibc issue, and crashes aren't fun, so I think the
>> seccomp change was warranted on the release branch.
>
> It is very worrisome that a change in glibc can break Emacs like that.
> I wonder what it means for the maintainability of Emacs in the long
> run. I have a bad feeling about this.
Just to clarify this, nothing here has really broken Emacs. Emacs itself
doesn't depend on libseccomp or the specific seccomp filter at all. It's just
that newer versions of glibc will occasionally add new syscalls which will then
need to get added to seccomp filters for sandboxing to continue working; the
sandbox can only be secure if it fails-close (i.e. exits the process when
encountering an unknown syscall).
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), (continued)
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Philipp Stephani, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Po Lu, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Lars Ingebrigtsen, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Robert Pluim, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/24
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Philipp Stephani, 2022/01/25
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/25
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073),
Philipp Stephani <=
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Stefan Monnier, 2022/01/25
- Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Eli Zaretskii, 2022/01/25
Re: emacs-28 6d3608be88: Seccomp: improve support for newer versions of glibc (Bug#51073), Richard Stallman, 2022/01/24