Sandboxing in Linux with zero lines of code
Linux seccomp is a powerful security feature that allows applications to restrict their system call usage, thereby limiting potential attack vectors. By using seccomp, developers can create sandboxes for their applications without writing any additional code. This post explores the use of seccomp in practice and provides examples of how it can be used to protect against arbitrary code execution exploits. The Cloudflare sandbox toolkit is also introduced as a convenient way to enforce seccomp policies on both dynamically linked and statically linked applications.
Company
Cloudflare
Date published
July 8, 2020
Author(s)
Ignat Korchagin
Word count
4387
Language
English
Hacker News points
12