Yo Eric! On Wed, 2 Sep 2020 14:33:10 -0400 "Eric S. Raymond" <e...@thyrsus.com> wrote:
> Gary E. Miller via devel <devel@ntpsec.org>:
> > Lost me. seccomp applies to Go as much as it applies to C.
>
> Why do you think so? My understanding is that the reason you want to
> block unexpected system calls is becase C buffer overruns can be used
> to make weird machines.
Buffer overruns are just one way a program might make unexpected system
calls. Even if you can guarantee that a Go program could never be
maliciously corrupted externally, you can never guarantee that the
Go program can not be trojaned.
So Go will still need seccomp, and will have be the same PITA it is
with C.
> Is there something wrong with this reasoning?
Yup.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgpnBuItIubJC.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
