It should be using `getrandom`. Not having it whitelisted in existing seccomp-bpf filters is an annoyance, but it's the usual problem with seccomp-bpf. Generic filters should have `getrandom` included since it's needed by a hardened libc or malloc implementation for various uses.
Using strict filters with minimal system calls whitelisted at the application layer is inherently painful and isn't portable. It doesn't cope with differences across operating systems, upgrades to libraries or different driver libraries. It's great with full system integration.
OpenBSD has a much more usable approach due to being coarser and abstracted based on the libc implementation. It misses many opportunities for reducing attack surface due to not being as fine-grained and not offering parameter filtering, but most seccomp usage doesn't use that.
It's still not abstracted into a much higher-level API (but at least you don't need to know libc system call implementation details especially for threading features and malloc) and doesn't have adoption other than their own usage due to OpenBSD not being at all widely used.