-
-
Replying to @CopperheadOS
@tehjh@whabib@Annaleen@fugueish Doing something like proxying system calls via IPC to do seccomp sandboxing would be much harder...1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
@CopperheadSec@whabib@Annaleen@fugueish is that really so hard? seccomp even has support specifically for forwarding syscalls to ptrace1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
@tehjh@whabib@Annaleen@fugueish Using ptrace for sandboxing is very questionable but it's great for auto-learned syscall profiles.2 replies 0 retweets 0 likes -
Replying to @CopperheadOS
@CopperheadSec@whabib@Annaleen@fugueish how so? seccomp arch check prevents API confusion, then SECCOMP_RET_TRACE forwards to ptracer1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
@CopperheadSec@whabib@Annaleen@fugueish well, yes, doing validation on data while it's in the sandboxed process would be stupid1 reply 0 retweets 0 likes -
Replying to @CopperheadOS
@CopperheadSec yeah. you could even convert mmap syscalls for anon memory to map a memfd instead as perf opt for buffers without validation1 reply 0 retweets 0 likes
@CopperheadSec although I'm not sure whether that optimization makes sense or would cost too much mem for pagetables
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.