Next: , Previous: , Up: Introduction to the library   [Contents][Index]


6.1.6 Running in a sandbox

Given that TLS protocol handling as well as X.509 certificate parsing are complicated processes involving several thousands lines of code, it is often desirable (and recommended) to run the TLS session handling in a sandbox like seccomp. That has to be allowed by the overall software design, but if available, it adds an additional layer of protection by preventing parsing errors from becoming vessels for further security issues such as code execution.

GnuTLS requires the following system calls to be available for its proper operation.

As well as any calls needed for memory allocation to work. Note however, that GnuTLS depends on libc for the system calls, and there is no guarantee that libc will call the expected system call. For that it is recommended to test your program in all the targetted platforms when filters like seccomp are in place.

An example with a seccomp filter from GnuTLS’ test suite is at: http://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c.