[Bug 2142] openssh sandboxing using libseccomp
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Aug 14 06:16:16 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
--- Comment #2 from Loganaden Velvindron <loganaden at gmail.com> ---
So libseccomp would be "untrusted", similar to kerberos ?
libseccomp has seen steady progress, and I think that it would be nice
if openssh takes advantage of it if it is deployed on a fairly recent
linux system.
http://www.paul-moore.com/files/lj/libseccomp-pmoore-lss2012-r1.pdf
Please see page 3 :-)
Capsicum is also working towards a similar approach with libcapsicum &
libangel.
(https://code.google.com/p/capsicum-core/)
I'm not suggesting replacing will's seccomp patch, but rather provide
it as an additional build time option that package maintainers can take
advantage of if libseccomp is present.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list