[Bug 2142] openssh sandboxing using libseccomp
bugzilla-daemon at mindrot.org
Wed Aug 14 13:49:54 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2142
--- Comment #4 from Loganaden Velvindron <loganaden at gmail.com> ---
(In reply to Damien Miller from comment #3)
> Sure, but I don't see the point - what's the advantage to using
> libseccomp? It looks like it might have some advantages if we were
> doing argument inspection, were scared of writing BPF or running a
> complex policy but we aren't.
Agreed.
> The existing seccomp sandbox will work on any system that has
> libseccomp and will do the same thing with fewer dependencies and
> less code. Adding another sandbox that does exactly the same thing
> just means we need to maintain two sets of code instead of one.
I see your point ("Reduced attack surface") :-)
In that case, it's probably better that I don't spend more time further
on this.
Thanks.