droproot, seccomp

Richard Laager rlaager at wiktel.com
Tue Feb 25 15:37:28 UTC 2020


On 2/24/20 11:02 PM, Hal Murray via devel wrote:
> I'm looking at strace output.  There are a few calls used only once or twice.
> 
> It seems obvious that we should drop root as early as possible.  But it's not 
> obvious that we should enable seccomp early.
> 
> If we turn on seccomp early, then we have to allow all the syscalls used 
> during initialization so a bad guy could use them too.
> 
> So what are we worried about?  What is seccomp trying to protect against?  
> Bugs in our initialization code before we start exchanging packets, or bugs in 
> the mainline code after initialization when the bad guys get to send us 
> packets?

I'd say the latter.

-- 
Richard
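As an added example, not part of this thread or of the NTPsec code, the following POSIX shell script splits the syscalls in a constructed strace excerpt into those used only during initialization and those used once packets flow, i.e. the allowlist a filter installed after droproot and init would need versus the larger one an early filter must permit. The trace lines, and the rule that the first recvfrom/sendto marks the end of initialization, are assumptions made for the example.

```shell
#!/bin/sh
# Constructed strace excerpt (not real ntpd output): bare "name(args) = ret"
# lines in time order. The first recvfrom/sendto ends initialization.
TRACE='openat(AT_FDCWD, "/etc/ntp.conf", O_RDONLY) = 3
read(3, "server pool.ntp.org iburst\n", 4096) = 27
close(3) = 0
socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) = 4
bind(4, {sa_family=AF_INET, sin_port=htons(123)}, 16) = 0
setgid(118) = 0
setuid(118) = 0
recvfrom(4, ..., 48, 0, ...) = 48
clock_gettime(CLOCK_REALTIME, ...) = 0
sendto(4, ..., 48, 0, ...) = 48
adjtimex(...) = 0
recvfrom(4, ..., 48, 0, ...) = 48
clock_gettime(CLOCK_REALTIME, ...) = 0
sendto(4, ..., 48, 0, ...) = 48'

# Print one "<phase> <syscall>" line per distinct syscall: "init-only" for
# calls seen only before the first packet exchange, "runtime" for calls seen
# after it (a call used in both phases counts as runtime).
classify() {
  printf '%s\n' "$1" | awk -F'(' '
    NF < 2 { next }                       # skip lines without a call
    { name = $1 }
    !started && (name == "recvfrom" || name == "sendto") { started = 1 }
    started { runtime[name] = 1; next }
    { init[name] = 1 }
    END {
      for (n in init) if (!(n in runtime)) print "init-only", n
      for (n in runtime) print "runtime", n
    }' | sort
}

# Allowlist size a filter installed at the given point would need:
# "early" must admit every syscall in the trace, "late" only runtime ones.
allowlist_size() {
  if [ "$2" = early ]; then classify "$1" | wc -l | tr -d ' '
  else classify "$1" | grep -c '^runtime '; fi
}

classify "$TRACE"
echo "early filter: $(allowlist_size "$TRACE" early) syscalls"
echo "late filter:  $(allowlist_size "$TRACE" late) syscalls"
```

A short trace only shows the syscalls the paths it exercised actually made, so a real allowlist derived this way still has to be checked against error and signal paths the trace never reached.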
