On 2/24/20 11:02 PM, Hal Murray via devel wrote:
> I'm looking at strace output. There are a few calls used only once or twice.
>
> It seems obvious that we should drop root as early as possible. But it's not
> obvious that we should enable seccomp early.
>
> If we turn on seccomp early, then we have to allow all the syscalls used
> during initialization so a bad guy could use them too.
>
> So what are we worried about? What is seccomp trying to protect against?
> Bugs in our initialization code before we start exchanging packets, or bugs in
> the mainline code after initialization when the bad guys get to send us
> packets?

I'd say the latter.

--
Richard
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel