Yo Hal! On Tue, 26 May 2020 18:23:55 -0700 Hal Murray via devel <devel@ntpsec.org> wrote:
> I was thinking of putting the individual lists in ntpd/seccomp/
> with something like
> #include "seccomp/foo.c"
> in ntp_sandbox.
Why not just load a text file at runtime during startup?
seccomp does not protect against hacked binary or config files. It
protects against runtime exploits. So no added attack surface by
using a config file.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgpHF8Feqljvu.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
