:: Re: [DNG] Secure computing [Was: Re…
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Secure computing [Was: Re: Apparmor Excalibur issues]
On 26/02/2026 at 11:22, Kevin Chadwick via Dng wrote:
>
> -------- Original Message --------
>
>>     With Seccomp, a program can restrict which system-calls it is allowed to
>> call. The functionality is apparently the same as OpenBSD's Pledge, but with a
>> much more complicated API. The complexity of this API is normal because it is
>> the interface to the system-call proper and there is still no wrapper to this
>> system-call in the C runtime library. Since Pledge isn't available on Linux, it
>> might make sense to develop a userspace wrapper to Seccomp with the API of Pledge
> Not sure if you've seen this but I guess getting it into glibc would be an
> uphill battle. Maybe I'm wrong but I feel like GNU has NIH possibly due to
> license insanity but maybe some other reason (please correct me if you think I'm
> wrong on this as it's based on articles/hearsay and no direct familiarity).
> Certainly GNU's evaluation of the 0BSD license is lunacy or maybe social
> engineering in my opinion though.
>
> "https://itsfoss.com/pledge-linux-port/"
>
> I've also seen a pledge to seccomp command line tool for Linux but that brings
> all the problems of apparmor/SELinux IMO. The idea was brought up for OpenBSD
> during pledge's design and refused by their project leader/designer.
>

    Thanks for the link. The tool is for running an untrusted, buggy, or
exploitable binary securely. I'm not sure this is something I need. My
concern is rather to secure the programs I write, and to make security
obvious to people who might review the source.

    By reading a little more, it seems to me that Pledge isn't really
fine-grained; Seccomp is more so. Seccomp is implemented through a very
peculiar kernel feature. The kernel provides a way for userspace to store
very simple programs which can be executed by the kernel itself, without
switching context between kernel mode and user mode, which saves time.
These programs are simple enough that they can be verified by the kernel
and can be used, for example, to filter network packets, but apparently
also to filter system calls. It seems the Linux kernel contains everything
you could imagine, and more.

--     Didier