Right. The whitelist is much better than the blacklist in this case. I will update the code.
Thank you! 2015-03-30 13:57 GMT-04:00 Jann Horn <[email protected]>: > On Mon, Mar 30, 2015 at 01:46:21PM -0400, Cong Zheng wrote: > > It is my cursoriness that I didn't consider other possible system calls. > Do > > you have other comments for this attack and defense? > > Use a whitelist. Using seccomp to blacklist syscalls and syscall arguments > is > tricky for multiple reasons, see > <https://marc.info/?l=linux-man&m=142722231900547&w=2>. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
