BUG: misleading name of test 18-sim-basic_whitelist #35
Comments
Yes, it should probably be renamed, but to be honest, the name of these isn't very important, the content of the test is what matters.
Enhancement suggestion: It would be nice to additionally have a whitelisting test. Test cases tend to be used by developers as reference or code example. 👍 I just found a library (not written by me) which had basically the same bug. It meant to do whitelisting with seccomp but actually did blacklisting. I cannot tell whether this was an independent bug or maybe subconsciously induced by this test case. By the way: do you want me to delete this comment and open a separate issue for this?
Hi,
I was reading tests/18-sim-basic_whitelist.c.
If I understand it correctly, it does the following:
read, write, close, and rt_sigreturn syscalls (only if they act on stdin, stdout, stderr).
This is not whitelisting, this is blacklisting.
Should the file be renamed? Should all KILLs and ACCEPTs be swapped to achieve whitelisting?
It would be nice to have a true whitelisting example, since this is the strongly recommended use of seccomp.
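The whitelist/blacklist distinction raised in this issue, as an added example that is not part of the original thread or of the project's test suite: a simplified C model of a filter (a default action plus per-syscall rules, not the real seccomp API) evaluated for a syscall that neither rule list mentions. The struct layout, the `evaluate` helper and the sample rules are assumptions made for illustration; the syscall numbers are the x86-64 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: default action + rules, optionally matching on arg0 (the fd). */
enum action { ACT_KILL, ACT_ALLOW };
enum { NR_READ = 0, NR_WRITE = 1, NR_CLOSE = 3, NR_RT_SIGRETURN = 15, NR_EXECVE = 59 };
#define ANY_ARG UINT64_MAX /* rule applies regardless of arg0 */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

struct rule { int nr; uint64_t arg0; enum action act; };
struct filter { enum action def; const struct rule *rules; size_t n; };

/* A matching rule decides the outcome; anything unlisted gets the default action. */
enum action evaluate(const struct filter *f, int nr, uint64_t arg0)
{
    for (size_t i = 0; i < f->n; i++) {
        const struct rule *r = &f->rules[i];
        if (r->nr == nr && (r->arg0 == ANY_ARG || r->arg0 == arg0))
            return r->act;
    }
    return f->def;
}

/* Same syscalls in both rule sets (constructed sample); only the actions differ. */
static const struct rule allow_rules[] = {
    { NR_READ, 0, ACT_ALLOW },  { NR_WRITE, 1, ACT_ALLOW }, { NR_WRITE, 2, ACT_ALLOW },
    { NR_CLOSE, ANY_ARG, ACT_ALLOW }, { NR_RT_SIGRETURN, ANY_ARG, ACT_ALLOW },
};
static const struct rule kill_rules[] = {
    { NR_READ, 0, ACT_KILL },  { NR_WRITE, 1, ACT_KILL }, { NR_WRITE, 2, ACT_KILL },
    { NR_CLOSE, ANY_ARG, ACT_KILL }, { NR_RT_SIGRETURN, ANY_ARG, ACT_KILL },
};

/* Whitelist: deny by default, allow what is listed. Blacklist: the reverse. */
const struct filter whitelist = { ACT_KILL, allow_rules, COUNT(allow_rules) };
const struct filter blacklist = { ACT_ALLOW, kill_rules, COUNT(kill_rules) };

static const char *name(enum action a) { return a == ACT_ALLOW ? "ALLOW" : "KILL"; }

int main(void)
{
    /* execve appears in neither rule set, so only the default action decides. */
    printf("execve:      whitelist=%s blacklist=%s\n",
           name(evaluate(&whitelist, NR_EXECVE, 0)), name(evaluate(&blacklist, NR_EXECVE, 0)));
    /* write to an fd other than stdout/stderr matches no rule either. */
    printf("write(fd=5): whitelist=%s blacklist=%s\n",
           name(evaluate(&whitelist, NR_WRITE, 5)), name(evaluate(&blacklist, NR_WRITE, 5)));
    return 0;
}
```

In this model, swapping the rule actions alone is not enough: the default action must also become KILL for unlisted syscalls to be denied.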