Should we dump seccomp?

Hal Murray hmurray at megapathdsl.net
Sun May 14 02:42:33 UTC 2017


esr at thyrsus.com said:
>> Should we work on a no-DNS version?  It's no good for the
>> typical client/pool case, but it might be interesting for a server.

> I'm against this idea. I think it would add test complexity without a
> commensrate gain. 

If the idea is to reduce the attack surface, I'd expect interest in making it 
significantly smaller.

Again, this is down in the weeds.

The DNS stuff adds a lot of syscalls such as pthreads.  Looks like the code 
is already there.

#ifdef ENABLE_DNS_LOOKUP
        SCMP_SYS(clone),        /* threads */
        SCMP_SYS(futex),        /* sem_xxx, used by threads */
        SCMP_SYS(kill),         /* generate signal */
        SCMP_SYS(madvise),
        SCMP_SYS(mprotect),
        SCMP_SYS(set_robust_list),
        SCMP_SYS(sendmmsg),     /* DNS lookup */
        SCMP_SYS(socketpair),
        SCMP_SYS(statfs),
        SCMP_SYS(uname),
#endif

I guess I'll setup a test case.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list