Comment by nneonneo

Comment by nneonneo 7 days ago

1 reply

View on Hacker News

If you want to make it actually decently safe, one approach would be to make a list of all the syscalls you critically need after you have loaded all the content in memory (strace can help), then write a seccomp filter to block all the others. Since you don’t need filesystem interaction or pretty much anything except socket I/O, your syscall allowlist can be pretty short. This will ensure that even if an attacker manages to exploit a bug (like a UAF) they’ll be dropped into a sandbox with very little useful functionality.

cenamus 7 days ago

Or (if on openbsd), the pledge and unveil syscalls. Pretty similar effect, but much easier

Reply View 0 replies