summaryrefslogtreecommitdiff
path: root/USING
diff options
context:
space:
mode:
authorGravatar Benjamin Barenblat <bbaren@google.com>2019-12-03 09:17:35 -0500
committerGravatar Benjamin Barenblat <bbaren@google.com>2019-12-03 09:51:06 -0500
commit22a59d2d8b48cb2762362bd71e24293a53bca09a (patch)
tree2658f134b28d211346bce6576f087aacd184acf2 /USING
parent44041648e79f1a3d0f46903ad84ebcd5261d0c98 (diff)
Add a basic seccomp profile to zhm
Prevent zhm from doing some evil things while it runs (e.g., ptracing) by implementing a basic seccomp-bpf filter. The filter still allows a lot of potentially dangerous operations (e.g., unlink(2)), but this is a good start. The filter is based partly on a close reading of the zhm and libhesiod source code and partly on empirical evidence from running zhm under strace. I’ve run zhm with this filter for several days without incident, but some edge cases (e.g., server failover) are still untested. configure decides whether or not to enable seccomp by looking for libseccomp. By default, it treats seccomp as an enhancement and enables it opportunistically. Builders can force seccomp to be enabled or disabled by passing --with-seccomp or --without-seccomp, respectively, to configure.
Diffstat (limited to 'USING')
0 files changed, 0 insertions, 0 deletions