On Sat, 2015-02-14 at 15:31 -0800, David Lang wrote: > > I've also enabled the ocserv package to use seccomp if configured to, > > but in order for that protection to become meaningful for other > > programs to use as well, it would also need the default kernel option to > > enable seccomp filter. > It needs the kernel support to use the seccomp filter, but why is this so > critical that it must be enabled by default?
Being critical isn't the only reason for enabling kernel options on openwrt. IPv6 isn't critical, many can live without it, but still it is there. The question is whether the added value of seccomp justifies the few kilobytes spent. My opinion on that, is that exploits on a router are more grave than on a PC, because a router is harder to upgrade, and an issue is harder to notice. For that a mechanism like seccomp which can contain potential damage, is very useful on openwrt. regards, Nikos _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
