Seccomp tangle
Gary E. Miller
gem at rellim.com
Wed May 27 01:28:10 UTC 2020
Yo Hal!
On Tue, 26 May 2020 18:23:55 -0700
Hal Murray via devel <devel at ntpsec.org> wrote:
> I was thinking of putting the individual lists in ntpd/seccomp/
> with something like
> #include "seccomp/foo.c"
> in ntp_sandbox.
Why not just load a text file at runtime during startup?
seccomp does not protect against hacked binary or config files. It
protects against runtime exploits. So no added attack surface by
using a config file.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20200526/d7184e86/attachment.bin>
More information about the devel
mailing list