curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Securing curl with syscalls

From: Emil Engler via curl-users <>
Date: Fri, 2 Oct 2020 17:48:32 +0200

Is your plan to make this a libcurl feature? Mine is not that's why I am
posting it on curl-users =)

Libraries should not use such syscalls because it could lead to many
SIGKILLS if users put it into their application.

But maybe I am also understanding you wrong, please correct me then.


On 10/2/20 5:33 PM, Daniel Stenberg via curl-users wrote:
> On Fri, 2 Oct 2020, Emil Engler via curl-users wrote:
>> My idea would be to write our own wrapper which will have a struct (or
>> alternatively a bitmask) that has fields that are booleans with names
>> like "access", "inet", "stdio". Then we would need a function which is
>> being compiled differently from OS to OS. It interprets the struct and
>> then executes the required syscall.
> I would imagine the function won't even need very much flexibility since
> it'll invoke libcurl so it needs to let libcurl do what it needs to do -
> but not more.
> I figure just diving in and experimenting with this is what's needed
> here to get a feel for what can work and what will not...
Received on 2020-10-02