On 2/24/20 11:02 PM, Hal Murray via devel wrote:
> I'm looking at strace output.  There are a few calls used only once or twice.
> 
> It seems obvious that we should drop root as early as possible.  But it's not 
> obvious that we should enable seccomp early.
> 
> If we turn on seccomp early, then we have to allow all the syscalls used 
> during initialization so a bad guy could use them too.
> 
> So what are we worried about?  What is seccomp trying to protect against?
> Bugs in our initialization code before we start exchanging packets, or bugs in
> the mainline code after initialization when the bad guys get to send us
> packets?

I'd say the latter.

-- 
Richard


_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
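
The ordering discussed in this thread (finish initialization first, then enable seccomp before the mainline code runs), as an added example that is not part of either message and is not NTPsec code. The function names and the one-syscall allow-list are hypothetical; it assumes Linux with seccomp-bpf, and uses `uname` as a stand-in for a call needed only during initialization.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed allow-list for the post-initialization phase: only exit_group.
 * Simplification: a production filter also checks seccomp_data.arch. */
static int install_mainline_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Runs in a child so the caller stays unfiltered.
 * Returns a bit mask: 1 = uname worked during init, 2 = uname denied after. */
int late_seccomp_demo(void)
{
    int status, code = 0;
    struct utsname u;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (syscall(SYS_uname, &u) == 0)          /* "initialization" call */
            code |= 1;
        if (install_mainline_filter() != 0)
            syscall(SYS_exit_group, 64);          /* seccomp unavailable */
        if (syscall(SYS_uname, &u) == -1 && errno == EPERM)
            code |= 2;                            /* same call, now refused */
        syscall(SYS_exit_group, code);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return late_seccomp_demo() == 3 ? 0 : 1; }
```

Because the filter is installed after the initialization call, that call never has to appear in the allow-list that is in force once packets are being processed.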
