GNU bug report logs - #45344
[Patch 0/2] Libwaive for signify

Package: guix-patches;

Reported by: Vincent Legoll <vincent.legoll <at> gmail.com>

Date: Sun, 20 Dec 2020 18:50:02 UTC

Severity: normal

Tags: patch

Done: Vincent Legoll <vincent.legoll <at> gmail.com>

Bug is archived. No further changes may be made.


Message #29 received at 45344 <at> debbugs.gnu.org (full text, mbox):

From: Vincent Legoll <vincent.legoll <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: 45344 <at> debbugs.gnu.org
Subject: Re: [bug#45344] [Patch 0/2] Libwaive for signify
Date: Sun, 21 Feb 2021 10:55:16 +0100

Hello,

On Sun, Feb 21, 2021 at 12:09 AM Leo Famulari <leo <at> famulari.name> wrote:
> I noticed that libwaive hasn't been active in a few years. I wonder if
> it's something we should pursue...

libwaive is a single-file C (~300 LOCs [1]) source code library, I glanced over
it and it looks straightforward enough. I compared it to the seccomp manpage
[2] code samples and saw nothing suspicious.

I think it may not have been updated for newly added syscalls, but that
should not make it insecure, mainly because what is not explicitly allowed
is prevented from use (default-locked policy [3]).

So, I'll wait for a bit more feedback before working on this, but I think
it may still be a worthwhile addition.

WDYT ?

[1] https://github.com/dimkr/libwaive/blob/master/waive.c
[2] https://man7.org/linux/man-pages/man3/seccomp_rule_add.3.html
[3] https://en.wikipedia.org/wiki/Seccomp

-- 
Vincent Legoll




This bug report was last modified 1 year and 61 days ago.