csteipp created this task. csteipp added a subscriber: csteipp. csteipp added a project: Wikidata-Query-Service. Herald added a subscriber: Aklapper. Herald added projects: Wikidata, Discovery.
TASK DESCRIPTION From T90115 > I don't have any concerns/objections about setting this up, I mostly wanted to know the status of the various countermeasures mentioned in this task. > >>What kind of measures do you propose? > > systemd supports various features to restrict running processes, e.g. for restricting filesystem access or through disallowing potentially harmful syscalls using seccomp-bpf. This doesn't need to be present in the initial deployment, but it would be good to add in a followup step. TASK DETAIL https://phabricator.wikimedia.org/T108410 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp Cc: Aklapper, csteipp, jkroll, Smalyshev, Wikidata-bugs, Jdouglas, aude, Manybubbles, JanZerebecki, Malyacko _______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
