Changes


B2G/Architecture/System Security

110 bytes added, 23:10, 2 November 2012
m
no edit summary
* All access to resources <b>must</b> happen via IPDL, which means:
** No filesystem access
** Very limited access to the kernel's system calls (no ioctl(), etc.). By restricting system calls, the attack surface exposed by the kernel to web applications is greatly reduced.
** No execution of native code
** Fuzzing of IPDL
==== Seccomp ====
Secure computing mode (seccomp) is a Linux kernel feature that allows us to limit which system calls a process (and any sub-process it spawns from that point forward) can use.
This is the preferred, and most secure, sandbox implementation.
* Seccomp mode 2:
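An added example, not code from the B2G wiki page, of the seccomp mode 2 (filter) sandbox sketched above: a classic-BPF program installed through prctl() that fails the ioctl(), openat() and execve() system calls with EPERM and allows everything else. The x86_64 ABI check and the chosen deny-list are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define ARCH_NR AUDIT_ARCH_X86_64   /* assumption: x86_64 host */
#define MAX_INSNS 32

/* Emit a classic-BPF seccomp program: kill on a foreign ABI, fail each
 * syscall in `denied` with EPERM, allow the rest. Returns insn count, 0 if too long. */
size_t build_filter(const int *denied, size_t n, struct sock_filter *p)
{
    size_t i = 0, k;
    if (5 + 2 * n > MAX_INSNS) return 0;
    p[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    p[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    p[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    p[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (k = 0; k < n; k++) {  /* each denied nr: match -> EPERM, else skip to the next test */
        p[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied[k], 0, 1);
        p[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    }
    p[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Mode 2 is entered through prctl(); NO_NEW_PRIVS lets an unprivileged process do it. */
int install_filter(const int *denied, size_t n)
{
    struct sock_filter insns[MAX_INSNS];
    struct sock_fprog prog = { .len = (unsigned short)build_filter(denied, n, insns), .filter = insns };
    if (prog.len == 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
    /* The B2G rules above: no ioctl(), no filesystem open (glibc routes open() via openat), no exec. */
    const int denied[] = { __NR_ioctl, __NR_openat, __NR_execve };
    if (install_filter(denied, 3) != 0) { perror("seccomp"); return 1; }
    if (fopen("/etc/hostname", "r") == NULL) perror("fopen");  /* EPERM comes from the filter, not the VFS */
    return 0;
}
```

The filter is inherited across fork() and execve(), so a sandboxed child cannot shed it by spawning a new process; a production sandbox would start from an allow-list of required syscalls rather than this short deny-list.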
=== Linux DAC's ACLs ===
The Linux DAC's ACLs represent the well-known Linux filesystem permission model (the traditional user/group/others ownership and read, write, execute modes, NOT POSIX 1e ACLs).
* The app_0/nobody user has no write access to any file