I'm giving up on seccomp

Eric S. Raymond esr at thyrsus.com
Wed Sep 2 18:33:10 UTC 2020


Gary E. Miller via devel <devel at ntpsec.org>:
> Lost me.  seccomp applies to Go as much as it applies to C.

Why do you think so?  My understanding is that the reason you want to
block unexpected system calls is because C buffer overruns can be used
to make weird machines.

You can't do that in Go, because there's no pointer arithmetic and
array accesses are all bounds-checked. Thus the utility of blocking
unexpected system calls pretty much vanishes.

Is there something wrong with this reasoning?
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

