[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Seccomp in coreutils

From: David Sastre
Subject: Re: Seccomp in coreutils
Date: Sun, 21 Jan 2018 20:58:14 +0100

Please CC me in the responses, as I'm not subscribed to the list.


On Sun, Jan 21, 2018 at 8:57 PM, David Sastre <address@hidden>

> Hello,
> I have been recently playing around with seccomp and the coreutils source
> code and was wondering about the feasibility of implementing seccomp
> filters in the tools.
> The main benefit for the project would be offering the possibility of
> reducing exploitability by reducing the system calls a program might make,
> using a whitelist.
> Searching the mail archives of the project for discussions around this
> topic has not been fruitful, hence my asking.
> I have tested locally with some of the easiest examples possible (true and
> echo) and a, quite possibly, very naive implementation; but it seems to
> work as expected.
> If I where to put some effort in this, and provided this functionality is
> made explicitly GNU/Linux dependant and optional, would there be interest
> from the group? I would most probably require assistance with the autotools
> changes required, not to mention code review.
> My main inspiration for this request is the OpenBSD pledge()[1] syscall,
> which is applied to the base system (containing most of the equivalent
> tools in GNU/Linux land). You can check an example[2] on the 'echo' tool
> source code.
> Regards and thanks in advance for any feedback, I would love to hear from
> the devs even in the case this request is considered not useful.
> [1]
> [2]

reply via email to

[Prev in Thread] Current Thread [Next in Thread]