PostgreSQL considers seccomp() filters
PostgreSQL considers seccomp() filters
Posted Oct 2, 2019 22:21 UTC (Wed) by Cyberax (✭ supporter ✭, #52523)In reply to: PostgreSQL considers seccomp() filters by rweikusat2
Parent article: PostgreSQL considers seccomp() filters
This is just nonsense. Reducing amount of code exposed to attacker reduces the chances that an exploitable bug will be accessible to them.
> There's some outright paradoxical reasoning in here: seccomp is supposed to defend against the issue that it's conjectured to be impossible to determine if the implementation of a given system call is free of exploitable errors
You clearly live in a fantasy world. The seccomp sandboxing is designed to prevent access to as much of the attack surface as possible. This automatically makes sure that the probability of an exploit goes down.
Note the word "probability". This is not prevention, it's mitigation.
History shows that this approach actually works in practice. Even the misguided SELinux has prevented multiple exploitable bugs.
Posted Oct 3, 2019 17:04 UTC (Thu)
by rweikusat2 (subscriber, #117920)
[Link] (1 responses)
Posted Oct 4, 2019 8:43 UTC (Fri)
by cyphar (subscriber, #110703)
[Link]
(As an aside, note that Docker doesn't user user namespaces by default, LXC has been protected against even more exploits. But that's a very different topic.)
PostgreSQL considers seccomp() filters
PostgreSQL considers seccomp() filters