Yo Eric!

On Wed, 2 Sep 2020 05:52:54 -0400
"Eric S. Raymond via devel" <devel@ntpsec.org> wrote:

> Hal Murray <hmur...@megapathdsl.net>:
> > You keep saying seccomp is important. What does it buy us? ntpd
> > is a big complicated program. It reads and writes files. It opens
> > network connections. What else would a bad guy need to do?
>
> I think you misunderstand. I don't believe seccomp is objectively
> very important in itself, and never have. My problem with dropping it
> is that if we do that, we could be seen to have abandoned part of a
> security defense in depth because it's too much work. That's not a
> good look for a project with our mission statement.

Sadly, I agree with both of you.

I agree with Hal that seccomp is mere security theater. One that requires
a lot of effort to sustain, for no actual value.

I agree with Eric that the perception that seccomp makes systems safer
is also strong. That (mis)perception has value for NTPsec.

So, as Eric said:

"You should assign seccomp-related bugs to me and I will deal with them."

He wants to carry the load, let him.

"Think of this as incentive for me to get serious about moving the daemon to Go"

Lost me. seccomp applies to Go as much as it applies to C.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel