:: Re: [DNG] Secure computing [Was: Re…
Author: Kevin Chadwick
Date:  
To: dng
Subject: Re: [DNG] Secure computing [Was: Re: Apparmor Excalibur issues]


-------- Original Message --------

>     Thanks for the link. The tool is to run securely an untrusted, buggy, or
> exploitable binary. I'm not sure this is something I need.


I'm not sure how you got that impression.

> My concern is rather
> to secure the programs I write, and to make security obvious to people who
> possibly review the source.
>


That is how Pledge is designed but it does need kernel or libc support on Linux
by the looks of it.

https://github.com/jart/pledge

>     By reading a little more, it seems to me that Pledge isn't really fine-grained.


Looks like it's using seccomp and landlock to provide the same API as OpenBSD's
pledge that is designed to be easy for a Unix user to work with (Unix syscall
knowledge etc.).