
vDSO, 32-bit time, and seccomp

Posted Aug 17, 2019 5:13 UTC (Sat) by gnoack (subscriber, #131611)
In reply to: vDSO, 32-bit time, and seccomp by khim
Parent article: vDSO, 32-bit time, and seccomp

This would be a good start, but the problems with not understanding user space behaviour are still big compared to kernel compatibility issues.

For example, different libcs use different syscalls, which is the first thing to be compatible with.

Shared library loading can lead to very unexpected behaviour as well. LD_PRELOAD is one example. Another one is that when resolving hostnames, libnss in glibc loads shared modules for resolution behavior, and it's very difficult to predict what these will do. (OpenBSD's pledge has a special case for DNS as well, I believe so that they can distinguish between DNS and other UDP.)

In the end, with seccomp you need very good control of how a program is built, which libc it uses, and in the case of glibc+DNS even how the system is configured. That seems unrealistic.
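
Added example, not part of the original comment: a small audit helper that reads an nsswitch.conf and lists the NSS modules a glibc hostname lookup would pull in on that system, which is the configuration dependence described above. The sample file contents and the function names are constructed for illustration; the libnss_<service>.so.2 file name follows glibc's naming convention.

```python
import re

# Constructed sample of /etc/nsswitch.conf (not taken from any real host).
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
passwd:  files systemd
hosts:   files mdns4_minimal [NOTFOUND=return] dns myhostname
"""


def nss_services(conf_text, database="hosts"):
    """Return the service names configured for one NSS database, in lookup order."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if name.strip() != database:
            continue
        # Drop action items such as [NOTFOUND=return]: they steer lookup
        # control flow and do not name a module.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        return rest.split()
    # No explicit line for this database: glibc falls back to its own defaults.
    return []


def nss_modules(conf_text, database="hosts"):
    """Map each configured service to the shared object name glibc uses for it."""
    return [f"libnss_{svc}.so.2" for svc in nss_services(conf_text, database)]


if __name__ == "__main__":
    # To audit a real host, pass open("/etc/nsswitch.conf").read() instead.
    for module in nss_modules(SAMPLE_NSSWITCH):
        print(module)
```

Each module listed is code that runs inside the sandboxed process during name resolution, so a seccomp allow-list has to cover whatever syscalls those modules make on the deployment host, not just on the build host.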

