gnovm: add syscall filtering to ensure no Virtual Machine escapes from exploits and vulnerabilities #3613
Comments
|
Thanks, this is a good suggestion. I looked into a manually created list of "dangerous" functions in this issue: #3579 (comment) But a sandbox approach would be superior. |
kristovatlas
added
🌱 feature
|
@Kouteki this should probably get backlogged until after mainnet beta launch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
For the promises and security guarantees of a smart contracting language and platform, we need to ensure that if we promise that network calls or filesystem manipulation calls etc cannot be made by a call within the VM that we actually restrict related syscalls.
The Linux kernel provides “seccomp” for which there are Go bindings https://pkg.go.dev/github.com/seccomp/libseccomp-golang which we can use to restrict such calls and then log such attempts too and then increase security.
Firstly we should figure out what abilities that we want the gnovm to have and exclude everything else and build on what needs to be permitted.
The text was updated successfully, but these errors were encountered: