Commits on Dec 3, 2019

1. Add a basic seccomp profile to zhm …

   Prevent zhm from doing some evil things while it runs (e.g., ptracing)
   by implementing a basic seccomp-bpf filter. The filter still allows a
   lot of potentially dangerous operations (e.g., unlink(2)), but this is
   a good start.
   
   The filter is based partly on a close reading of the zhm and libhesiod
   source code and partly on empirical evidence from running zhm under
   strace. I’ve run zhm with this filter for several days without
   incident, but some edge cases (e.g., server failover) are still
   untested.
   
   configure decides whether or not to enable seccomp by looking for
   libseccomp. By default, it treats seccomp as an enhancement and enables
   it opportunistically. Builders can force seccomp to be enabled or
   disabled by passing --with-seccomp or --without-seccomp, respectively,
   to configure.

   

   bbarenblat committed Dec 3, 2019
   Configuration menu

   • View commit details
   • Copy full SHA for 22a59d2
   • Browse repository at this point

   Copy the full SHA

   22a59d2 View commit details

   Browse the repository at this point in the history

2. debian: Enable seccomp …

   Commit 22a59d2 added basic seccomp
   support to zhm. Since zhm currently runs as root and handles network
   traffic, any sandboxing we can get is a good idea. Take a dependency
   on libseccomp-dev and enable seccomp support for zhm. This breaks
   building on kFreeBSD, but this package doesn’t currently build there
   anyway, so it’s not making things any worse.

   

   bbarenblat committed Dec 3, 2019
   Configuration menu

   • View commit details
   • Copy full SHA for aa8af5b
   • Browse repository at this point

   Copy the full SHA

   aa8af5b View commit details

   Browse the repository at this point in the history