WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED WONTFIX
140072
[GTK] Enable seccomp filters by default
https://bugs.webkit.org/show_bug.cgi?id=140072
Summary
[GTK] Enable seccomp filters by default
Michael Catanzaro
Reported
2015-01-04 20:42:58 PST
Don't commit this yet :)
Attachments
Patch
(3.16 KB, patch)
2015-01-04 20:45 PST
,
Michael Catanzaro
no flags
Details
Formatted Diff
Diff
[GTK] Enable seccomp filters by default
(3.26 KB, patch)
2015-03-23 15:45 PDT
,
Michael Catanzaro
no flags
Details
Formatted Diff
Diff
[GTK] Enable seccomp filters by default
(3.20 KB, patch)
2015-03-23 15:48 PDT
,
Michael Catanzaro
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Michael Catanzaro
Comment 1
2015-01-04 20:45:32 PST
Created
attachment 243961
[details]
Patch
Michael Catanzaro
Comment 2
2015-03-23 15:45:11 PDT
Created
attachment 249291
[details]
[GTK] Enable seccomp filters by default
Michael Catanzaro
Comment 3
2015-03-23 15:48:04 PDT
Created
attachment 249292
[details]
[GTK] Enable seccomp filters by default
Michael Catanzaro
Comment 4
2016-01-18 19:02:01 PST
The current seccomp filters code does not provide any meaningful security, and is certainly worse than no sandbox at all due to the high likelihood that it will unexpectedly break something by inappropriately denying access to a file. We might be better off deleting all this code and starting from scratch (perhaps using mount namespaces), rather than try to enforce a filesystem access policy with seccomp filters. We should use seccomp filters to enforce a short syscall blacklist regardless, but that is much simpler than what we have now, and none of the current code is useful for that. (A syscall whitelist -- the approach I attempted -- is far to fragile.)
Thiago Marcos P. Santos
Comment 5
2016-02-10 16:13:54 PST
The idea of trying something with seccomp was because at the time it was the only mechanism available in many distros that wouldn't require special privileges to create the sandbox. Obviously trapping just a few syscalls won't give much, but the plan was to incrementally grow and add more filters.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug