New blog post outlining the implementation of Seccomp and Seccomp-BPF https://illogicalexpressions.com/linux/2016/08/31/seccomp-and-seccomp-bpf.html …
less reliable alternative would be to whitelist execveat(<fd>,*,*,*,AT_EMPTY_PATH) and block close/dup2/dup3 on <fd>, I guess.
another alternative: create new mount namespace with just an empty inaccessible tmpfs, whitelist execveat, use O_CLOEXEC.
note that with the non-tmpfs options, the binary could still make the kernel access arbitrary paths, e.g. via the interpreter path