Bug 157380

Summary: [Linux] Remove seccomp filters support
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKit2Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, clopez, commit-queue, gyuyoung.kim, jh718.park, mcatanzaro, ossy, tmpsantos, tonikitoo
Priority: P2    
Version: Other   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch none

Michael Catanzaro
Reported 2016-05-05 12:08:03 PDT
Remove seccomp filters support. Seccomp filters are an experimental feature that is not currently used in any port and just didn't pan out. This code is not currently secure, nobody is working on making it secure, and it requires a complete architectural rewrite as whitelisting individual files and syscalls is not reasonable or scalable. There are many actually secure Linux sandboxing tools around nowadays, e.g Bubblewrap, which should be investigated instead. This is not to say that Linux sandboxing is unimportant, nor that seccomp filters are not an important component of a Linux sandbox. It is to say that seccomp filters are not suitable as the *primary* security mechanism in an effective sandbox. It was never intended for that role, anyway.
Attachments
Patch (122.88 KB, patch)
2016-05-05 12:14 PDT, Michael Catanzaro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-05-05 12:14:02 PDT
Created attachment 278178 [details] Patch
Csaba Osztrogonác
Comment 2 2016-05-10 07:32:23 PDT
Comment on attachment 278178 [details] Patch Let's land it, cq+
WebKit Commit Bot
Comment 3 2016-05-10 07:55:12 PDT
Comment on attachment 278178 [details] Patch Clearing flags on attachment: 278178 Committed r200621: <http://trac.webkit.org/changeset/200621>
WebKit Commit Bot
Comment 4 2016-05-10 07:55:18 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.