cURL / Mailing Lists / curl-library / Single Mail


Re: Ideas to Improve cURL Security

From: Dave Reisner <>
Date: Mon, 29 Sep 2014 10:46:10 -0400

On Mon, Sep 29, 2014 at 02:27:39PM +0000, wrote:
> Seccomp Resources:
> (Kernel
> documentation for the feature)
> ( A guide on writing a simple filter and
> using error checking. Note that seccomp supports whitelists which can make
> it easier, you simply allow only the bear minimum of safe syscalls needed to
> make curl function).

This is a good place to start, but one should note that the magical
"seccomp-bpf.h" header that the link refers to is only valid
for x86 architectures. One would need to link against libseccomp[1] to
support all the architectures where curl builds.

It should also be mentioned that most of your suggestions for improving
security aren't relevant to libcurl (seccomp included). Rather, they're
more focused on the curl tool, which is a different list.


List admin:
Received on 2014-09-29