Comment by fragmede 4 days ago

> It provides a simple, developer-friendly way to add defense-in-depth to applications.

Defense in depth. Lock your valuables inside a safe, inside of your locked house. Why lock them in a safe when your house is already locked? Because if someone breaks into your house, you want additional defense "just in case". So just in case I wrote some shitty code and my server got hacked, lock the valuables in a safe anyway so that thief can't steal the expensive silverware (prod credentials).

yalogin 4 days ago

Aren’t there existing methods to do this using selinux or apparmor?

  • zie 3 days ago

    Yes, but basically nobody uses either of those things. Some vendors like Red Hat enable some of it by default, but when people have issues getting software to work, the first thing they are told to try is to turn all that stuff off.

    Which means in the real world, the likelihood of that stuff being on and secure is fairly low, but not zero.

    With landlock, pledge/unveil and similar tech, the developers of the software write and configure it, it's on by default and probably can't be turned off (or at least not easily).

  • staticassertion 3 days ago

    You need to be root to set those up. These are typically admin-driven policies, not dev-driven. Landlock is unprivileged, meaning that a program can set its own policy up without root.

    This is massive since most ways of dropping privileges on Linux require already having significant permissions (i.e. root).
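As an added example, not code from this thread or from the project under discussion: a C program that confines itself with Landlock the way zie and staticassertion describe, with no root and no admin-written policy. It assumes a Linux kernel of 5.13 or later booted with Landlock in its LSM list, that `/usr` and `/tmp` exist on the host, and the helper names (`sandbox_fs`, `probe_open_dir`, `demo_sandbox`) are mine. The Landlock ABI constants are copied inline so it builds even where `linux/landlock.h` is missing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Landlock UAPI pieces, copied from the kernel's linux/landlock.h so this file
   builds even where that header is missing. The syscall numbers are identical
   on every architecture. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif
struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));
#define LL_RULE_PATH_BENEATH      1
#define LL_CREATE_RULESET_VERSION (1U << 0)
#define LL_FS_EXECUTE    (1ULL << 0)
#define LL_FS_WRITE_FILE (1ULL << 1)
#define LL_FS_READ_FILE  (1ULL << 2)
#define LL_FS_READ_DIR   (1ULL << 3)
/* bits 4..12: REMOVE_DIR, REMOVE_FILE, MAKE_CHAR/DIR/REG/SOCK/FIFO/BLOCK/SYM */
#define LL_FS_ALL_V1     0x1FFFULL          /* every right ABI v1 knows */
#define LL_FS_REFER      (1ULL << 13)       /* ABI v2: link/rename across directories */
#define LL_FS_TRUNCATE   (1ULL << 14)       /* ABI v3 */
#define LL_FS_READ       (LL_FS_EXECUTE | LL_FS_READ_FILE | LL_FS_READ_DIR)

/* Add a "path beneath" rule granting `allowed` under `path` to the ruleset. */
static int add_path(int ruleset_fd, const char *path, uint64_t allowed) {
    struct ll_path_beneath_attr rule = { .allowed_access = allowed, .parent_fd = -1 };
    rule.parent_fd = open(path, O_PATH | O_CLOEXEC);
    if (rule.parent_fd < 0) return -1;
    int r = (int)syscall(__NR_landlock_add_rule, ruleset_fd, LL_RULE_PATH_BENEATH, &rule, 0);
    close(rule.parent_fd);
    return r;
}

/* Confine the calling process, without root: read (plus execute) beneath ro_dir,
   full access beneath rw_dir, nothing anywhere else. Returns 0 when enforced,
   1 when the kernel offers no usable Landlock (ENOSYS, EOPNOTSUPP, or EPERM from
   a seccomp filter), -1 on any other failure. Once applied it cannot be undone
   by this process or its children; later layers can only tighten it. */
int sandbox_fs(const char *ro_dir, const char *rw_dir) {
    int abi = (int)syscall(__NR_landlock_create_ruleset, NULL, 0, LL_CREATE_RULESET_VERSION);
    if (abi < 0) return 1;
    /* Handle only rights this kernel knows, or create_ruleset fails with EINVAL.
       Unhandled rights stay allowed everywhere, so newer ones are added as the
       ABI version permits. */
    uint64_t handled = LL_FS_ALL_V1;
    if (abi >= 2) handled |= LL_FS_REFER;
    if (abi >= 3) handled |= LL_FS_TRUNCATE;
    struct ll_ruleset_attr attr = { .handled_access_fs = handled };
    int fd = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof attr, 0);
    if (fd < 0) return -1;
    if (add_path(fd, ro_dir, LL_FS_READ) < 0 || add_path(fd, rw_dir, handled) < 0) {
        close(fd);
        return -1;
    }
    /* NO_NEW_PRIVS is what makes this legal for an unprivileged process: it
       guarantees the sandbox cannot be escaped through a setuid/setcap execve. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 ||
        syscall(__NR_landlock_restrict_self, fd, 0) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

/* 1 if `path` can be opened for listing, 0 if Landlock (or DAC) denies it, -1 otherwise. */
int probe_open_dir(const char *path) {
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return errno == EACCES ? 0 : -1;
}

/* Apply the policy and check that it bites: 0 enforced as expected, 1 Landlock
   unavailable (nothing enforced), -1 setup or probe failure. */
int demo_sandbox(void) {
    int r = sandbox_fs("/usr", "/tmp");      /* assumed to exist on the host */
    if (r != 0) return r;
    if (probe_open_dir("/") != 0) return -1;     /* outside both rules: denied */
    if (probe_open_dir("/usr") != 1) return -1;  /* beneath the read-only rule */
    return 0;
}

int main(void) {
    int r = demo_sandbox();
    printf("landlock: %s\n", r == 0 ? "enforced" : r == 1 ? "unavailable" : strerror(errno));
    return r < 0;
}
```

Build with `cc -o landlock_demo landlock_demo.c` and run it as an ordinary user; `cat /sys/kernel/security/lsm` shows whether `landlock` is in the active LSM list. Two practitioner points the code encodes: the rights you hand to `landlock_create_ruleset` must be ones the running kernel understands (query the ABI version first, as above), and anything you do not handle is not restricted at all, so an old hard-coded mask silently leaves newer operations like cross-directory renames or truncation open.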