Bug 157380

Summary: [Linux] Remove seccomp filters support
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKit2Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, clopez, commit-queue, gyuyoung.kim, jh718.park, mcatanzaro, ossy, tmpsantos, tonikitoo
Priority: P2    
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch none

Description Michael Catanzaro 2016-05-05 12:08:03 PDT
Remove seccomp filters support. Seccomp filters are an experimental feature that is not currently used in any port and just didn't pan out. This code is not currently secure, nobody is working on making it secure, and it requires a complete architectural rewrite as whitelisting individual files and syscalls is not reasonable or scalable. There are many actually secure Linux sandboxing tools around nowadays, e.g Bubblewrap, which should be investigated instead.

This is not to say that Linux sandboxing is unimportant, nor that seccomp filters are not an important component of a Linux sandbox. It is to say that seccomp filters are not suitable as the *primary* security mechanism in an effective sandbox. It was never intended for that role, anyway.
Comment 1 Michael Catanzaro 2016-05-05 12:14:02 PDT
Created attachment 278178 [details]
Patch
Comment 2 Csaba Osztrogonác 2016-05-10 07:32:23 PDT
Comment on attachment 278178 [details]
Patch

Let's land it, cq+
Comment 3 WebKit Commit Bot 2016-05-10 07:55:12 PDT
Comment on attachment 278178 [details]
Patch

Clearing flags on attachment: 278178

Committed r200621: <http://trac.webkit.org/changeset/200621>
Comment 4 WebKit Commit Bot 2016-05-10 07:55:18 PDT
All reviewed patches have been landed.  Closing bug.