Is it time to drop seccomp?
Hal Murray
hmurray at megapathdsl.net
Wed Feb 13 05:52:22 UTC 2019
> sycomp = seccomp?

Yup. But you dropped an s from my syscomp.

> I don't. How many system calls is crypto going to use, though? Isn't it all
> integer arithmetic and file I/O?

I don't expect troubles from the crypto. It's the TCP/TLS that I'm suspicious
of. TLS1.3 has lots of stuff in man pages that I don't understand about
reusing connections. I'm pretty sure the idea is to avoid round trips when
(re)starting a connection. It sounds like something that is likely to do
obscure things and be hard to test.

I like the strace idea. Why don't you collect some data, write the code to
process it, and compare the results with our code? It would be interesting to
see how many unused slots we have.

Plan B is to do it the old way. Maybe it won't be as bad as I'm suggesting.
Are you willing to give it a try? I assume you are going to help test NTS
anyway. Do you have a certificate handy? If not, I can write a (very) quick
HOWTO.
--
These are my opinions. I hate spam.
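
The strace comparison suggested in the message above, sketched as an added example (not part of the original post and not the project's code): it tallies the syscalls seen in `strace -f` output and diffs them against a seccomp allowlist. The sample trace, the allowlist fragment, and the assumption that the allowlist is written with libseccomp's `SCMP_SYS()` macro are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed `strace -f` output (not captured from a real daemon).
SAMPLE_STRACE = """\
1234  openat(AT_FDCWD, "/tmp/example.conf", O_RDONLY) = 3
1234  read(3, "server ...", 4096) = 120
1234  close(3) = 0
1235  recvmsg(4,  <unfinished ...>
1234  clock_adjtime(CLOCK_REALTIME, {modes=0}) = 0
1235  <... recvmsg resumed>{msg_namelen=16}, 0) = 48
1235  getrandom(0x7ffd1c, 16, 0) = 16
1234  --- SIGHUP {si_signo=SIGHUP, si_code=SI_USER} ---
1234  +++ exited with 0 +++
"""

# Constructed allowlist fragment; assumes rules are written with SCMP_SYS(name).
SAMPLE_ALLOWLIST_C = """\
    SCMP_SYS(read), SCMP_SYS(close), SCMP_SYS(openat),
    SCMP_SYS(recvmsg), SCMP_SYS(clock_adjtime),
    SCMP_SYS(select), SCMP_SYS(sendto),
"""

# Optional pid prefix ("1234 " or "[pid 1234] "), optional -t/-tt/-ttt
# timestamp, then the syscall name followed by "(".
CALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:[\d:.]+\s+)?([a-z_][a-z0-9_]*)\(")

def observed_syscalls(strace_text):
    """Count calls per syscall name. '<... x resumed>', signal ('---') and
    exit ('+++') lines do not match, so a split call is counted once."""
    counts = Counter()
    for line in strace_text.splitlines():
        m = CALL_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def allowed_syscalls(c_source):
    """Extract syscall names from SCMP_SYS(name) occurrences."""
    return set(re.findall(r"SCMP_SYS\(\s*(\w+)\s*\)", c_source))

def compare(strace_text, c_source):
    seen = set(observed_syscalls(strace_text))
    allowed = allowed_syscalls(c_source)
    return {"unused": sorted(allowed - seen),    # allowed, never observed
            "missing": sorted(seen - allowed)}   # observed, would be blocked

if __name__ == "__main__":
    print(compare(SAMPLE_STRACE, SAMPLE_ALLOWLIST_C))
```

An "unused" entry only means the traced run never reached that call, so rarely exercised paths need their own traces before an entry is removed from the allowlist.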