curl-library

Re: Ideas to Improve cURL Security

From: Dave Reisner <d_at_falconindy.com>
Date: Mon, 29 Sep 2014 10:46:10 -0400

On Mon, Sep 29, 2014 at 02:27:39PM +0000, bancfc_at_openmailbox.org wrote:
>
> Seccomp Resources:
>
> https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt (Kernel
> documentation for the feature)
>
> http://outflux.net/teach-seccomp/ (A guide on writing a simple filter and
> using error checking. Note that seccomp supports whitelists which can make
> it easier, you simply allow only the bare minimum of safe syscalls needed to
> make curl function).

This is a good place to start, but one should note that the magical
"seccomp-bpf.h" header that the outflux.net link refers to is only valid
for x86 architectures. One would need to link against libseccomp[1] to
support all the architectures where curl builds.

It should also be mentioned that most of your suggestions for improving
security aren't relevant to libcurl (seccomp included). Rather, they're
more focused on the curl tool, which is a different list.

d

[1] http://sourceforge.net/projects/libseccomp/
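
An added example, not part of the original mail and not code from curl or from the outflux.net guide: a hand-written seccomp-BPF allowlist with the architecture check that ties such a filter to one ABI. The three allowed syscalls are a constructed sample set, and verdict() is a hypothetical userspace evaluator for the three opcodes used, so the outcome can be checked without installing the filter.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* A hand-written filter is tied to one ABI: syscall numbers differ per arch. */
#if defined(__x86_64__)
#define BUILD_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define BUILD_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* If the loaded syscall number equals nr, allow; otherwise skip to the next test. */
#define ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

static const struct sock_filter allowlist[] = {
    /* Kill any call made through an ABI other than the one we built for. */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, BUILD_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit_group), /* constructed set */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),              /* default deny */
};

/* Hypothetical helper: runs the filter above on one (arch, syscall) pair. */
uint32_t verdict(uint32_t arch, int nr)
{
    struct seccomp_data d = { .nr = nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof allowlist / sizeof allowlist[0]; pc++) {
        const struct sock_filter *f = &allowlist[pc];
        switch (f->code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (const char *)&d + f->k, 4); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f->k) ? f->jt : f->jf; break;
        case BPF_RET | BPF_K: return f->k;
        default: return SECCOMP_RET_KILL; /* opcode not used by this filter */
        }
    }
    return SECCOMP_RET_KILL;
}
```

Every architecture a program builds on needs its own BUILD_ARCH branch and its own syscall numbers here, which is the bookkeeping libseccomp takes over.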
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-09-29