I'm giving up on seccomp
Eric S. Raymond
esr at thyrsus.com
Thu Sep 3 09:39:43 UTC 2020
Hal Murray <hmurray at megapathdsl.net>:
>
> esr at thyrsus.com said:
> >> I think you have jumped to an unreasonable conclusion by assuming that Go
> >> makes seccomp uninteresting. Are you going to rewrite OpenSSL in Go?
> > No. There's an openssl binding: ...
>
> That's the whole point of my comment. OpenSSL is written in C. If there is a
> typical buffer overrun bug in OpenSSL, seccomp would be as helpful for a Go
> version of ntpd as it is for the current version.
>
> If you want to claim your Go program has no buffer overruns, you can't call
> out to big complicated libraries written in C. You would have to rewrite them
> in Go.
Fair point. That changes my to-do list.
--
Eric S. Raymond <http://www.catb.org/~esr/>