As explained in the previous post, seccomp can be used for protecting the system and users from misbehaving and exploited applications. But there has to be some work done to actually enable the protection it offers. That’s where the programming part starts and possibly some exploration of the application …
read moreSeccomp sandboxes and memcached example, part 1
Many programs running for a long time on some server do not do random, unpredictable things. They actually have a pretty well defined set of behaviours and anything that is outside of that set could be automatically treated as a bug, or a hack. For example databases do a lot …
read moreReducing a network problem to a file problem (fuzzing)
There’s been a number of issues lately found by fuzzing input files (strings, lesspipe, various image issues, etc.), but these are all stateless apps / libraries. It’s much easier to fuzz input for strings for example, than client input to mysql server. The fuzzing project is actually concentrating on …
read moreThings that go boom and hang with vagrant and arch
Here’s a list of things that currently fail when trying to run vagrant under Arch. Hopefully I hit most of the keywords from errors and you’re reading this because you ran into one of those.
Vagrant is not an official Arch package.
It’s in AUR though - https …
read more