I'm giving up on seccomp
Gary E. Miller
gem at rellim.com
Thu Sep 3 00:37:04 UTC 2020
Yo Eric!
On Wed, 2 Sep 2020 20:35:38 -0400
"Eric S. Raymond" <esr at thyrsus.com> wrote:
> Gary E. Miller via devel <devel at ntpsec.org>:
> > Buffer overruns are just one way a program might make unexpected
> > system calls. Even if you can guarantee that a Go program could
> > never be maliciously corrupted externally, you can never guarantee
> > that the Go program can not be trojaned.
>
> Everything is cost gradients.
>
> Yes, a Go program could be Trojaned, but (a) that is far less likely
> than a buffer overrun is in C, and (b) there are reasonably efficient
> auditing methods to detect Trojanning, good enough that even static
> analyzers lilke Coverity and LGTM can usually catch them by looking
> for shellouts. Syscall blocking is not really the best-fit tool for
> defense against this kind of attack.
No one said the love of seccomp made any sense. But you don't take a
security blanket away from an infant.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20200902/b96dc2d6/attachment.bin>
More information about the devel
mailing list