Sandboxing in Linux with zero lines of code

What's this blog post about?

Linux seccomp is a powerful security feature that allows applications to restrict their system call usage, thereby limiting potential attack vectors. By using seccomp, developers can create sandboxes for their applications without writing any additional code. This post explores the use of seccomp in practice and provides examples of how it can be used to protect against arbitrary code execution exploits. The Cloudflare sandbox toolkit is also introduced as a convenient way to enforce seccomp policies on both dynamically linked and statically linked applications.

Company
Cloudflare

Date published
July 8, 2020

Author(s)
Ignat Korchagin

Word count
4387

Hacker News points
12

Language
English


By Matt Makai. 2021-2024.