Open l0kod opened 3 weeks ago
This is a recap of yesterday's meeting (see #1382) about script execution control on Linux, and how it compares to #1364 (see https://github.com/nodejs/node/pull/54364). @RafaelGSS, @mhdawson, @rdw-msft, and I were attending.
LWN published an article about this new feature: Restricting execution of scripts — the third approach
I gave a talk last week that explains the goal, the challenges, and the current approach: Closing the script execution control gap
The changes required for Node.js would be:
Here is a proof of concept for Python (using the original securebits): https://github.com/zooba/spython/pull/12
Latest kernel patch series: https://lore.kernel.org/all/20240704190137.696169-1-mic@digikod.net/
I'll update this issue with the next patches (which will include an enlighten toy script interpreter).
@l0kod thanks for createing the issue and the links to additional info.
This is a recap of yesterday's meeting (see #1382) about script execution control on Linux, and how it compares to #1364 (see https://github.com/nodejs/node/pull/54364). @RafaelGSS, @mhdawson, @rdw-msft, and I were attending.
LWN published an article about this new feature: Restricting execution of scripts — the third approach
I gave a talk last week that explains the goal, the challenges, and the current approach: Closing the script execution control gap
The changes required for Node.js would be:
Here is a proof of concept for Python (using the original securebits): https://github.com/zooba/spython/pull/12
Latest kernel patch series: https://lore.kernel.org/all/20240704190137.696169-1-mic@digikod.net/
I'll update this issue with the next patches (which will include an enlighten toy script interpreter).