Hi Simon,

As part of my Google summer internship project I have implemented a sandbox
for dnsmasq, based on Linux seccomp-bpf and mount namespace, with tests and
documentation.

Such a sandbox provides defense in depth to dnsmasq, by restricting what
files it can access and which syscalls it can make, in case remote code
execution vulnerabilities are discovered in dnsmasq.

Would you be interested in reviewing my patches and maybe integrating them in
dnsmasq?

Please find attached my patch against master head, but let me know if there
is another way for us to review and discuss the change.

Kind regards,

Denis Solonkov

Attachment: dnsmasq_sandbox.patch.tar.gz
Description: application/gzip

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
