OpenBSD's "pledge" interface could be implemented by libseccomp on Linux https://outflux.net/blog/archives/2015/11/11/evolution-of-seccomp/ …
Replying to @kees_cook
@kees_cook Can make a nice automated learning mode with support for learning parameter checks for ioctl, futex, etc. via TRACE too.
Replying to @CopperheadOS
@kees_cook Stick one or more sandbox initialization points in the program, auto-learn the profiles for an architecture and then enforce.
Replying to @CopperheadOS
@CopperheadSec @securepaul Yeah, I'd love it if libseccomp had tools to do this. An automated version of https://outflux.net/teach-seccomp/ :)
Replying to @kees_cook
@kees_cook @securepaul There's a simple MIT-licensed auto-learning implementation in https://github.com/thestinger/playpen …. Doesn't trace children yet.
Replying to @CopperheadOS
@CopperheadSec @kees_cook Thanks, auto-learn functionality is on my wishlist. Interested in working on merge into libseccomp?
Replying to @securepaul
@securepaul @kees_cook Yes, definitely. Need to teach it to trace children of the traced child though. Had trouble making it robust.
Replying to @CopperheadOS
@CopperheadSec @kees_cook Great! The API might be tricky, but we'll figure it out. Also need to make sure it works the same on all arches.
@securepaul @CopperheadSec https://github.com/dimkr/libwaive Oh look, already written. :P