Re: RFC: seccomp-bpf support
From: Andres Freund <andres-AT-anarazel.de>
To: Joshua Brindle <joshua.brindle-AT-crunchydata.com>
Subject: Re: RFC: seccomp-bpf support
Date: Wed, 28 Aug 2019 11:53:02 -0700
Message-ID: <20190828185302.rmc66g45ev7gv5ib@alap3.anarazel.de>
Cc: Tom Lane <tgl-AT-sss.pgh.pa.us>, Joe Conway <mail-AT-joeconway.com>, PostgreSQL-development <pgsql-hackers-AT-postgresql.org>

Hi,

On 2019-08-28 14:47:04 -0400, Joshua Brindle wrote:
> A prime example is madvise() which was a catastrophic failure that 1)
> isn't preventable by any LSM including SELinux, 2) isn't used by PG
> and is therefore a good candidate for a kill list, and 3) a clear win
> in the dont-let-PG-be-a-vector-for-kernel-compromise arena.

IIRC it's used by glibc as part of its malloc implementation (also
threading etc) - but not necessarily hit during the most common
paths. That's *precisely* my problem with this approach.

Greetings,

Andres Freund
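
An added example, not part of the original message or of PostgreSQL: one way to check a kill-list candidate against what a process really issues, including calls made on its behalf by libc, by reading `strace -f -k` output. The trace is constructed, and `/opt/example/bin/server` with its symbols is hypothetical.

```python
import os
import re

# Constructed sample in the style of `strace -f -k` output (not a real trace);
# /opt/example/bin/server and its symbols are hypothetical.
SAMPLE_TRACE = """\
[pid 4101] read(7, "..."..., 8192) = 8192
 > /lib/x86_64-linux-gnu/libc.so.6(read+0x12) [0x10e1f2]
 > /opt/example/bin/server(read_block+0x5a) [0x6b2c1a]
[pid 4117] madvise(0x7f3a5c000000, 4096, MADV_DONTNEED) = 0
 > /lib/x86_64-linux-gnu/libc.so.6(madvise+0xb) [0x11b1ab]
 > /lib/x86_64-linux-gnu/libc.so.6(free+0x1c4) [0x9a3d4]
 > /opt/example/bin/server(release_buffer+0x21) [0x8d0f11]
"""

# A syscall line, with the "[pid N]" prefix that -f adds for child tasks.
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(\w+)\(")
# A stack frame line as printed by -k: " > object(symbol+0xoff) [0xaddr]".
FRAME_RE = re.compile(r"^\s*>\s+(\S+?)\((\w+)\+0x[0-9a-f]+\)")


def audit_denylist(trace, denylist):
    """Map each deny-list candidate to the callers seen invoking it."""
    callers = {name: set() for name in denylist}
    current, frames = None, []

    def flush():
        if current in callers:
            # frames[0] is the syscall wrapper; frames[1] is what called it.
            obj, sym = frames[1] if len(frames) > 1 else ("?", "?")
            callers[current].add(f"{os.path.basename(obj)}:{sym}")

    for line in trace.splitlines():
        frame = FRAME_RE.match(line)
        if frame:
            frames.append(frame.groups())
            continue
        call = SYSCALL_RE.match(line)
        if call:
            flush()  # close out the previous syscall's stack
            current, frames = call.group(1), []
    flush()
    return callers


if __name__ == "__main__":
    for name, seen in audit_denylist(SAMPLE_TRACE, ["madvise", "ptrace"]).items():
        print(name, sorted(seen) or "not observed in this trace")
```

An empty set only means the traced workload never issued the call, not that no code path in the process or its libraries does.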