coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Seccomp in coreutils


From: David Sastre
Subject: Re: Seccomp in coreutils
Date: Sun, 21 Jan 2018 20:58:14 +0100

Please CC me in the responses, as I'm not subscribed to the list.

Regards.

On Sun, Jan 21, 2018 at 8:57 PM, David Sastre <address@hidden>
wrote:

> Hello,
>
> I have been recently playing around with seccomp and the coreutils source
> code and was wondering about the feasibility of implementing seccomp
> filters in the tools.
> The main benefit for the project would be offering the possibility of
> reducing exploitability by reducing the system calls a program might make,
> using a whitelist.
> Searching the mail archives of the project for discussions around this
> topic has not been fruitful, hence my asking.
>
> I have tested locally with some of the easiest examples possible (true and
> echo) and a, quite possibly, very naive implementation; but it seems to
> work as expected.
> If I where to put some effort in this, and provided this functionality is
> made explicitly GNU/Linux dependant and optional, would there be interest
> from the group? I would most probably require assistance with the autotools
> changes required, not to mention code review.
> My main inspiration for this request is the OpenBSD pledge()[1] syscall,
> which is applied to the base system (containing most of the equivalent
> tools in GNU/Linux land). You can check an example[2] on the 'echo' tool
> source code.
>
> Regards and thanks in advance for any feedback, I would love to hear from
> the devs even in the case this request is considered not useful.
>
> [1] https://man.openbsd.org/pledge.2
> [2] https://github.com/openbsd/src/blob/master/bin/echo/echo.c
>


reply via email to

[Prev in Thread] Current Thread [Next in Thread]