I suggest integrating libseccomp to further enhance the security of the builder app.
libseccomp is a BPF application in Linux that filters the kind of syscalls the application can make. For example, if the attacker can somehow run arbitrary code (we ignore how they can do it) through a bug within the application, they can make malicious syscalls like fork and execve. Think of it like a lightweight sandbox around the current application.
TDX provides an overall secure VM black box, but it doesn't prevent bad code from being exploited within the application. There will be a small performance hit since BPF is very lightweight; we need to measure how much it is when working with TDX.