Seccomp Mode 2 Filters

Just a short post to bring attention to seccomp mode 2 filters. There is not enough hype about this, probably because it’s not in the vanilla kernel yet (that I know of.)

Seccomp filters let programs whitelist calls that they can make to the kernel. Whitelisting syscalls reduces kernel attack surface, which will prevent privilege escalation exploits. Seccomp is already built into Chrome/ Chromium to reinforce the Chrome Linux sandbox, OpenSSL 6.0 supports it as well as vsftpd. I’d really like to see it in cupsd and various other services (actually I’d like to see a lot compiled with it.)

Tags: , , , , , , , ,

About insanitybit

Novice programmer interested in computer security. I'll use this blog when I'm bored to post about things I find interesting in that field.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: