[Poppler-bugs] [Bug 100224] [PATCH] Seccomp sandbox support for pdftotext

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Mar 16 17:52:00 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=100224

--- Comment #2 from valo <hanado990 at mailbox.org> ---
Yes, I did not put much thought into the makefiles, as I mainly wanted to see
how well this works and if you are interested in this.

Thank you for the advice about 'git format-patch'. That looks like a nice
feature I didn't know about.

Regarding maintainability, you addressed an important point.
I have been thinking about this for some time and wondered if the pledge
approach from OpenBSD might be better suited in this regard than seccomp is.

Syscalls can change with different libraries and even when their versions
change, and this makes whitelisting quite tricky. An easy but less secure
solution would be to switch to blacklisting only dangerous syscalls that should
never be used by the application (like execve and ptrace). On the other hand, I
believe this can be covered with automated tests to make sure the filter is
still correct with every new release.

I would like to see this tested on some small utility like pdftotext and,
depending on the results, it might be worth adopting this into other
applications as well.

Please note that this kind of syscall filter is currently also available for
mupdf and evince: https://github.com/LinuxSandboxingProject
Similar difficulties can be observed with those applications.

But pdftotext might be simple enough to be a valid target.
