Is it time to drop seccomp?

Hal Murray hmurray at megapathdsl.net
Thu Feb 14 05:42:24 UTC 2019


> Because that would be silly. At best I could exercise only a tiny random
> sample of the potential execution paths.  Any sense of security we got from
> this would be false. 

With the exception of refclocks, I'll bet you could cover most of what we use.

We can easily get traffic to cover most of the common client and server cases.

What are the unusual cases?
  log file roll over
  HUP processing
  memory allocation (more mru slots)

We could write an optional trap catcher that enabled that slot and wrote a log 
entry.

We could write some code to trigger many of the unusual cases listed above.

Handwave...  Some of the calls into libc are simple wrappers for a system 
call.  Some (math) don't call the system at all.  A few (dns lookup) are 
complicated.  Can we scan our code and split things into 3 piles?

There is an additional complication in this area.  There are some syscalls we 
use during initialization and don't use after drop root.


-- 
These are my opinions.  I hate spam.
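Hal's optional trap catcher, as an added example that is not from this thread or from the project's code: a raw seccomp-BPF allowlist that returns SECCOMP_RET_TRAP instead of killing, a SIGSYS handler that logs the syscall number with write(2), and a small interpreter (decision) that goes beyond the post by letting you check the filter's verdicts offline before installing it. The allowlist contents, the function names and the x86-64 arch constant used in the checks are assumptions for the demo.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#define STMT(c, k) ((struct sock_filter)BPF_STMT(c, k))
#define JEQ(k, jt) ((struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, k, jt, 0))
/* Constructed allowlist (assumption, not the project's real list); anything else traps to the logger. */
static const int allowed[] = { SYS_write, SYS_exit_group, SYS_rt_sigreturn, SYS_getpid };
#define NALLOWED (sizeof allowed / sizeof allowed[0])
/* Emit BPF: kill on a foreign arch, load nr, jump to ALLOW for each listed nr, otherwise TRAP. */
size_t build_filter(struct sock_filter *f, const int *nrs, size_t n, unsigned arch) {
    size_t i = 0, k;
    f[i++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    f[i++] = JEQ(arch, 1);
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    f[i++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (k = 0; k < n; k++)                  /* jt is the distance to the final ALLOW */
        f[i++] = JEQ((unsigned)nrs[k], (__u8)(n - k));
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    f[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}
/* Interpret the three opcodes the builder emits: see what the filter decides without installing it. */
unsigned decision(unsigned filter_arch, unsigned arch, int nr) {
    struct sock_filter f[NALLOWED + 6];
    size_t pc = 0, len = build_filter(f, allowed, NALLOWED, filter_arch);
    unsigned acc = 0;                        /* the BPF accumulator */
    while (pc < len && BPF_CLASS(f[pc].code) != BPF_RET) {
        if (BPF_CLASS(f[pc].code) == BPF_LD) acc = f[pc].k == offsetof(struct seccomp_data, arch) ? arch : (unsigned)nr;
        else pc += acc == f[pc].k ? f[pc].jt : f[pc].jf;   /* BPF_JEQ */
        pc++;
    }
    return pc < len ? f[pc].k : SECCOMP_RET_KILL_PROCESS;
}
static void on_sigsys(int sig, siginfo_t *si, void *uc) { /* trap catcher: log via write(2) only, then return */
    char buf[40] = "seccomp trap: syscall ", d[12]; int p = 22, j = 0, nr = si->si_syscall;
    do { d[j++] = (char)('0' + nr % 10); nr /= 10; } while (nr);
    while (j) buf[p++] = d[--j];
    buf[p++] = '\n'; (void)write(STDERR_FILENO, buf, (size_t)p); (void)sig; (void)uc;
}
int install_trap_logger(unsigned arch) {   /* call once initialization is done; returns 0 on success */
    struct sock_filter f[NALLOWED + 6];
    struct sock_fprog prog = { (unsigned short)build_filter(f, allowed, NALLOWED, arch), f };
    struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
    return sigaction(SIGSYS, &sa, NULL) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

A filter can only be tightened after it is installed, so the handler just logs; the trapped call has been skipped by the time the handler returns, so a handler meant for real use would also have to emulate the call or exit.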
