[Webkit-unassigned] [Bug 157380] New: [Linux] Remove seccomp filters support

Thu May 5 12:08:03 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=157380

            Bug ID: 157380
           Summary: [Linux] Remove seccomp filters support
    Classification: Unclassified
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

Remove seccomp filters support. Seccomp filters are an experimental feature that is not currently used in any port and just didn't pan out. This code is not currently secure, nobody is working on making it secure, and it requires a complete architectural rewrite as whitelisting individual files and syscalls is not reasonable or scalable. There are many actually secure Linux sandboxing tools around nowadays, e.g Bubblewrap, which should be investigated instead.

This is not to say that Linux sandboxing is unimportant, nor that seccomp filters are not an important component of a Linux sandbox. It is to say that seccomp filters are not suitable as the *primary* security mechanism in an effective sandbox. It was never intended for that role, anyway.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160505/c4cd5003/attachment.html>