At Wed, 18 Mar 2015 13:19:51 +1300, [email protected] wrote: > > On Tue, Mar 17, 2015 at 05:37:13PM -0400, Benjamin Barenblat wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > Should we be thinking about seccomp for the binaries 'urweb' makes? > > > > Seccomp is a Linux capabilities system that lets an application define > > and institute a policy for allowed system calls. This is normally used > > to allow applications to JIT and execute untrusted code (most notably in > > Google Chrome), but it could also be a powerful tool to help mitigate > > exploits against Ur/Web CGI and FastCGI binaries. > > > > Obviously, this would do nothing for OS X users, but OS X servers are > > sufficiently rare (and Linux-based servers are sufficiently common) that > > this could still be a net win. > > > > What do you think – might modifying 'urweb'’s code generator to add > > seccomp to the binaries it produces be a good idea? > > > > Benjamin, > > Could you please explain, why do you propose to ignore Mac and BSD users and > divert Ur/Web focus to linux-specific "features"? > > What kind of "untrusted" code are you talking about in Ur/Web binaries? > > Best regards, > Alexander >
I have to second Alexander here, as I'm a FreeBSD user, but so long as Ur/Web is easy to compile on non-Linux platforms, I have no problem with such support (provided that someone is willing to write a code generator for such a binary). Regards, Tim _______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
