Page MenuHomePhabricator

research seccomp for better python script security
Closed, ResolvedPublic


Find out if seccomp (and/or would be useful to increase security.

A good good candidate for testing and confinement, because relatively simple to play with, would be url_to_unixtime (T102). Later also control-port-filter-python.

See also:


  • research PyPy for better python script security: T129 [if we start using pypy, we might not need T128]


Needs Triage

Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: python, security.
Patrick added subscribers: Patrick, HulaHoop.
Patrick renamed this task from research seccomp for python scripts to research seccomp for better python script security.Feb 4 2015, 10:15 PM
Patrick added a project: sdwdate.
Patrick added a subscriber: nrgaway. would have needed a lot of effort to extend to be able to meet cpfp's syscall requirements while making sure its still secure. prctl's interface is far from pythonic to deal with. Not a solution that scales.

systemd.exec integrates and exposes Linux's security features in an easy to use manner. It was chosen instead.,1313