flashbots / rbuilder

rbuilder is a blazingly fast, state of the art Ethereum MEV-Boost block builder written in Rust
Apache License 2.0

feat(security): integrate libseccomp #81

Open ghost opened 1 month ago

ghost commented 1 month ago

I suggest integrating libseccomp to further enhance the security of the builder app. libseccomp is a BPF application in Linux that filters the kind of syscalls the application can make. For example: if the attacker somehow can run arbitrary code (we ignore how they can do it) through a bug within the application, they can make malicious syscalls like fork, execve. Think of it like a lightweight sandbox around the current application. TDX provides an overall secure VM blackbox, but it doesn't prevent bad code being exploited within the application. There will be a small performance hit since BPF is very lightweight, need to measure how much it is to work with TDX.

ferranbt commented 3 weeks ago

Hey, I do not have a lot of context on libseccomp. Is this something you enable on the VMs or in the Rust program?

ghost commented 3 weeks ago

Hey, it's something we use along with the Rust app to limit syscalls to the kernel from the app itself.

ferranbt commented 3 weeks ago

How is it configured/enabled in this specific repo?

ghost commented 3 weeks ago

You can check an example implementation here in cloudflare's foundation: https://github.com/cloudflare/foundations/blob/afd9094db7581f6db79b64f2eee79458997bd1f0/foundations/build.rs#L96