
Entries tagged seccomp

A heady mixture of photography and programming

29 May 2012 21:50

The past few weeks have consisted of a heady mixture of taking interesting pictures of cute people, and writing code.

I spent a while getting to grips with seccomp filters, using the facilities present in recent GNU/Linux kernels to filter the system calls binaries are allowed to make.

My initial test was to patch GNU Less to only allow it to open, read, and close files. The side-effect of this was that the built-in shell-escape was closed, thus allowing me to test it.

After that I toyed around with interfacing with spidermonkey|seamonkey. In this regard I was less successful, but I did manage to write code in C that would invoke javascript functions loaded dynamically. Similarly I could call from my (loaded) javascript code into functions defined in C.

I don't have a use for a Javascript to/from C bridge, but I'm sure that time will come.

Photography has been a constant distraction, I took some fun shots of the Edinburgh Marathon, and then distracted myself with a volunteer to take an abstract fishnet photograph. We went on to do some more fun shots being careful to stay on the safe side of the NSFW limit. I think this is borderline NSFW, but we were both clear exactly what we wanted and we got it perfectly there.

Next week will be quieter, but providing we don't have another mini-heatwave in Edinburgh I'll be cheerful regardless.

ObQuote: One, two, Freddy's coming for you. - A Nightmare on Elm Street (original)


Another day, another upgrade

22 July 2012 21:50

Tonight I upgraded my personal machine to run the recently released 3.5[.0] kernel.

On my personal machine(s) I'm usually loath to change a running kernel, but this one was a good step forward because it allows me to experiment with seccomp filters.

I've tested the trivial "no new privileges" prctl and I followed along with the nice seccomp tutorial which gave me simple working code which I married to my javascript interpreter.
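An added example, not the code from these posts or from the tutorial they mention: a minimal seccomp allowlist of the kind described for GNU Less, installed after the "no new privileges" prctl, showing that a shell escape is then refused. It assumes Linux 3.5 or later on x86-64 or aarch64; `openat`, `write` and `exit_group` are additions to the open/read/close set the post names, and the `rules` and `shell_escape_blocked` names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Allowlist: file reading, plus what the process needs to print and exit. */
static struct sock_filter rules[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* foreign ABI */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    ALLOW(__NR_openat), ALLOW(__NR_read), ALLOW(__NR_write),
    ALLOW(__NR_close), ALLOW(__NR_exit_group),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM), /* everything else */
};
static int install_filter(void) {
    struct sock_fprog prog = { sizeof(rules) / sizeof(rules[0]), rules };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return 2; /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) ? 3 : 0;
}

/* Returns 0 if the sandboxed child's shell escape was refused with EPERM. */
int shell_escape_blocked(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "sh", "-c", "exit 4", NULL };
        int rc = install_filter();
        if (rc) _exit(rc);
        execve("/bin/sh", argv, NULL);   /* what a pager's "!" escape needs */
        _exit(errno == EPERM ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

A return of 2 or 3 means the kernel refused the prctl calls, and 4 means the shell ran, i.e. the filter was not in effect.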

On top of that I upgraded node.js, which meant I had to clean up a little deprecated code in my node reverse proxy - which is the public face of the websites I run upon my box. (The proxy tunnels to about 10 different thttpd instances, each running upon 127.0.0.1:xx).

Happily however my weekend was not full of code, it was brightened by the opportunity to take pictures of Aurora and her long hair - more to come as I've still got about 350 images to wade through.

ObQuote: "Don't you think I make a remarkable queen?" - St. Trinian's (2007)
