Commit 9e8f2ee9 authored by Colin Walters

seccomp: Add ptrace to blacklist

It's also been a CVE source, although longer in the past.  Having it
can make exploiting race conditions and such easier.
parent 8cee4ab7
......@@ -154,8 +154,11 @@ setup_seccomp_v0 (void)
/* Utterly terrifying profiling operations */
/* Profiling operations; we expect these to be done by tools from outside
* the sandbox. In particular perf has been the source of many CVEs.
/* Blacklist all but unix, inet, inet6 and netlink */
int socket_family_blacklist[] = {
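Review bot: The rewritten comment at the top of this hunk still documents only profiling and names only perf as a CVE source, while the commit subject says ptrace is what is being added. The ptrace rationale exists only in the commit message (past CVEs, and making race conditions easier to exploit), so a reader of setup_seccomp_v0 will not see why a debugging syscall sits under a "Profiling operations" heading. Consider extending the comment, for example "Profiling and tracing operations; ..." plus a sentence that ptrace has also been a CVE source and eases exploitation of races. Since the comment already states that these tools are expected to run from outside the sandbox, it is also worth saying explicitly that in-sandbox debuggers and tracers that rely on ptrace will stop working, so the breakage reads as intended rather than accidental.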