droproot, seccomp
Richard Laager
rlaager at wiktel.com
Tue Feb 25 15:37:28 UTC 2020
On 2/24/20 11:02 PM, Hal Murray via devel wrote:
> I'm looking at strace output. There are a few calls used only once or twice.
>
> It seems obvious that we should drop root as early as possible. But it's not
> obvious that we should enable seccomp early.
>
> If we turn on seccomp early, then we have to allow all the syscalls used
> during initialization so a bad guy could use them too.
>
> So what are we worried about? What is seccomp trying to protect against?
> Bugs in our initialization code before we start exchanging packets, or bugs in
> the mainline code after initialization when the bad guys get to send us
> packets?
I'd say the latter.
--
Richard
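An added illustration of the ordering argued for above (drop root first, install the seccomp-bpf filter only after initialization so the runtime allowlist can leave out init-only syscalls); this is not code from the thread or from NTPsec. The syscall list, the x86_64-only arch check and the function names are constructed assumptions, and the filter is built for Linux.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <unistd.h>
#include <grp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define ARCH_NR AUDIT_ARCH_X86_64 /* assumption: x86_64; adjust for other architectures */
/* Constructed, illustrative allowlist for the packet loop only. Init-time calls such as
 * socket, bind, setuid and opening config files are deliberately absent from it. */
static const int runtime_allow[] = { SYS_recvmsg, SYS_sendto, SYS_ppoll, SYS_clock_gettime, SYS_adjtimex, SYS_read, SYS_write, SYS_rt_sigreturn, SYS_exit_group };
#define N_ALLOW (sizeof runtime_allow / sizeof runtime_allow[0])
static struct sock_filter prog_buf[N_ALLOW + 6];

/* Emit: verify arch, load nr, jump to ALLOW on any listed nr, otherwise kill. Returns insn count. */
static size_t build_filter(const int *allow, size_t n, struct sock_filter *out)
{
    size_t k = 0, i;
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++) /* jt = n - i skips the remaining compares and the KILL below */
        out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (__u32)allow[i], (__u8)(n - i), 0);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return k;
}
static size_t runtime_filter_len(void) { return build_filter(runtime_allow, N_ALLOW, prog_buf); }
/* Drop root first: supplementary groups, then gid, then uid; confirm root cannot be regained. */
static int drop_root(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}
static int install_filter(struct sock_filter *insns, size_t len)
{
    struct sock_fprog prog = { .len = (unsigned short)len, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* required once we are not root */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
int main(void)
{   /* ... config parsing, socket(), bind() etc. run here with the full syscall set ... */
    if (drop_root(getuid(), getgid()) != 0) return 1;
    if (install_filter(prog_buf, runtime_filter_len()) != 0) return 1; /* only runtime_allow passes now */
    return write(1, "sandboxed\n", 10) == 10 ? 0 : 1;
}
```

Anything the initialization phase needs but the loop does not never enters the filter, which is the attack-surface reduction the thread is weighing against enabling seccomp early.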