Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Securing curl with syscalls
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Emil Engler via curl-users <curl-users_at_cool.haxx.se>
Date: Fri, 2 Oct 2020 17:48:32 +0200
Is your plan to make this a libcurl feature? Mine is not that's why I am
posting it on curl-users =)
Libraries should not use such syscalls because it could lead to many
SIGKILLS if users put it into their application.
But maybe I am also understanding you wrong, please correct me then.
Cheers,
Emil
On 10/2/20 5:33 PM, Daniel Stenberg via curl-users wrote:
> On Fri, 2 Oct 2020, Emil Engler via curl-users wrote:
>
>> My idea would be to write our own wrapper which will have a struct (or
>> alternatively a bitmask) that has fields that are booleans with names
>> like "access", "inet", "stdio". Then we would need a function which is
>> being compiled differently from OS to OS. It interprets the struct and
>> then executes the required syscall.
>
> I would imagine the function won't even need very much flexibility since
> it'll invoke libcurl so it needs to let libcurl do what it needs to do -
> but not more.
>
> I figure just diving in and experimenting with this is what's needed
> here to get a feel for what can work and what will not...
>
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-10-02
Date: Fri, 2 Oct 2020 17:48:32 +0200
Is your plan to make this a libcurl feature? Mine is not that's why I am
posting it on curl-users =)
Libraries should not use such syscalls because it could lead to many
SIGKILLS if users put it into their application.
But maybe I am also understanding you wrong, please correct me then.
Cheers,
Emil
On 10/2/20 5:33 PM, Daniel Stenberg via curl-users wrote:
> On Fri, 2 Oct 2020, Emil Engler via curl-users wrote:
>
>> My idea would be to write our own wrapper which will have a struct (or
>> alternatively a bitmask) that has fields that are booleans with names
>> like "access", "inet", "stdio". Then we would need a function which is
>> being compiled differently from OS to OS. It interprets the struct and
>> then executes the required syscall.
>
> I would imagine the function won't even need very much flexibility since
> it'll invoke libcurl so it needs to let libcurl do what it needs to do -
> but not more.
>
> I figure just diving in and experimenting with this is what's needed
> here to get a feel for what can work and what will not...
>
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-10-02