Should we dump seccomp?

Hal Murray hmurray at megapathdsl.net
Sat May 13 22:51:08 UTC 2017


Eric said:
> Especially since...well, we're supposed to be about security. It would be a
> bit perverse to drop a security feature just because it's occasionally
> inconvenient.

How many of you are using it?

Should we change the default to be --enable-seccomp?  (If on Linux)

If we are serious about supporting it, we need a way to get a stack trace 
from the signal handler.  Eric: Please add that to your list.

The problem is that there isn't any way to test that you have covered all the 
obscure corner cases, and you can't learn anything by inspecting the code.  
It would be a bit strange if a security feature caused a crash.


Should we just keep adding syscalls, or should we try to figure out which 
ones are needed by each distro/version?  It probably depends on the libc 
version, but I don't know how often there are significant local mods.

Should we work on a no-DNS version?  It's no good for the typical client/pool 
case, but it might be interesting for a server.


> Yes, it's pretty straightforward to run an strace.

Unless it only happens when ntpd is starting during booting.

We had a dangling case for a while until somebody mentioned strace and I 
hacked my startup script to use strace.  I should have documented the recipe.
 

-- 
These are my opinions.  I hate spam.
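Hal's two asks above (a stack trace out of the signal handler, and some way to check an allowlist without just running ntpd and waiting for a crash) are both things a small program can show. What follows is an added example, not NTPsec code and not from anyone in this thread: it builds a raw seccomp-bpf allowlist in TRAP mode (so an unlisted syscall raises SIGSYS instead of killing the process outright), installs a SIGSYS handler that writes the offending syscall number and a backtrace using only async-signal-safe calls, and includes a tiny interpreter for the subset of classic BPF the builder emits, so a candidate allowlist can be evaluated offline before it is ever installed. It assumes Linux with glibc (execinfo.h) on x86-64, aarch64 or i386; all function names are mine, and the demo allowlist is a constructed minimal set, not what ntpd needs.

```c
/* Added example, not NTPsec code.  Assumes Linux + glibc on x86-64/aarch64/i386. */
#define _GNU_SOURCE
#include <execinfo.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this platform"
#endif

#define MAX_ALLOWED 64
#define MAX_INSNS   (2 * MAX_ALLOWED + 5)

/* Emit: check arch (KILL on mismatch), then "if nr == X return ALLOW" per
 * entry, else TRAP.  Returns the instruction count, which is 2*n + 5. */
size_t build_allowlist(struct sock_filter *out, const int *allowed, size_t n)
{
    size_t i = 0;
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t j = 0; j < n; j++) {
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)allowed[j], 0, 1);
        out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    return i;
}

/* Walk the program the way the kernel would, for the three opcodes the
 * builder uses.  Anything else is reported as KILL, the conservative answer. */
unsigned filter_verdict(const struct sock_filter *prog, size_t len, unsigned arch, unsigned nr)
{
    unsigned acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) {
            if (in->k == offsetof(struct seccomp_data, arch))    acc = arch;
            else if (in->k == offsetof(struct seccomp_data, nr)) acc = nr;
            else return SECCOMP_RET_KILL;            /* field not modelled */
        } else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) {
            pc += (acc == in->k) ? in->jt : in->jf;  /* offsets are relative to the next insn */
        } else if (in->code == (BPF_RET | BPF_K)) {
            return in->k;
        } else {
            return SECCOMP_RET_KILL;                 /* opcode not modelled */
        }
    }
    return SECCOMP_RET_KILL;  /* ran off the end; the kernel rejects such programs anyway */
}

/* Offline check: build the list and ask what it would do for (arch, nr). */
unsigned check_allowlist(const int *allowed, size_t n, unsigned arch, unsigned nr)
{
    struct sock_filter insns[MAX_INSNS];
    if (n > MAX_ALLOWED) return SECCOMP_RET_KILL;
    return filter_verdict(insns, build_allowlist(insns, allowed, n), arch, nr);
}

/* Only write(2) and _exit(2) below: printf/malloc are not async-signal-safe. */
static void put(const char *s) { (void)!write(STDERR_FILENO, s, strlen(s)); }
static void put_num(unsigned v)
{
    char buf[12]; size_t i = sizeof buf;
    do { buf[--i] = (char)('0' + v % 10); v /= 10; } while (v);
    (void)!write(STDERR_FILENO, buf + i, sizeof buf - i);
}

static void sigsys_handler(int sig, siginfo_t *info, void *ctx)
{
    void *frames[32];
    (void)ctx;
    put("SIGSYS: blocked syscall nr ");
    put_num((unsigned)info->si_syscall);   /* filled in by SECCOMP_RET_TRAP */
    put("\n");
    backtrace_symbols_fd(frames, backtrace(frames, 32), STDERR_FILENO);
    _exit(128 + sig);
}

int install_allowlist(const int *allowed, size_t n)
{
    struct sock_filter insns[MAX_INSNS];
    struct sock_fprog prog;
    struct sigaction sa;
    void *warm[4];
    if (n > MAX_ALLOWED) return -1;
    prog.len = (unsigned short)build_allowlist(insns, allowed, n);
    prog.filter = insns;
    backtrace(warm, 4);   /* first call may lazily load libgcc (mmap/open): do it before filtering */
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sigsys_handler;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSYS, &sa, NULL) != 0) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Constructed demo list: just enough for the handler itself to run.  Not ntpd's. */
const int DEMO_ALLOWED[] = { SYS_write, SYS_exit_group, SYS_exit, SYS_rt_sigreturn,
                             SYS_mmap, SYS_munmap, SYS_brk };
const size_t DEMO_ALLOWED_N = sizeof DEMO_ALLOWED / sizeof DEMO_ALLOWED[0];

int main(void)
{
    if (install_allowlist(DEMO_ALLOWED, DEMO_ALLOWED_N) != 0) { put("seccomp install failed\n"); return 1; }
    syscall(SYS_getppid);   /* not in the list: traps, and the handler names it */
    return 0;
}
```

Two practical caveats. The handler itself makes syscalls (write, exit_group, and rt_sigreturn on the way out), and the unwinder may need a few more, so those must be on the allowlist or the process dies inside the handler with nothing on stderr; that is the same trap the early-boot case falls into, where there is no strace attached to tell you what happened. And check_allowlist only tells you what the filter does for a syscall number you thought to ask about; enumerating which numbers ntpd actually issues on a given distro and libc still needs strace -f (or the handler output) on a real run.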