Linux and seccomp and Lua, or: List of implicit system calls?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Linux and seccomp and Lua, or: List of implicit system calls?
From: "Dr. Markus Walther" <walther@...>
Date: Sun, 10 May 2009 20:22:24 +0200

Hi all,

"seccomp is a simple sandboxing mechanism for the Linux kernel.
It allows a process to make a one-way transition into a "secure" state
where it cannot make any system calls except exit(), read() and write()
to already-open file descriptors. Should it attempt any other system
calls, the kernel will terminate the process" (from Wikipedia)

I'm trying to find out whether this a feasible mechanism to use with Lua
applications.

Suppose therefore a process is running a Lua app, initializing itself
and setting up pipes as needed before setting the seccomp bit.

Now a programmer can easily deduce which system calls will be issued by
e.g. io.write/read/popen, or os.execute, and others. The same for using
libraries like e.g. luasocket.

Also, a custom memory allocator could be used to avoid memory allocation
system calls like brk().

But my question to the list and Lua implementors is this:
- what non-obvious, non-user-controlled system calls - if any - will be
triggered by pure Lua programs using only the standard libraries?
- if so, which language construct(s) would invoke these?

Thanks a lot in advance, Markus

Follow-Ups:
- Re: Linux and seccomp and Lua, or: List of implicit system calls?, Tony Finch
- Re: Linux and seccomp and Lua, or: List of implicit system calls?, Luiz Henrique de Figueiredo

Prev by Date: Re[2]: Controlling lua features
Next by Date: Re: [ANN] Penlight Libraries, First release
Previous by thread: Getting Lua AIO to work on Windows
Next by thread: Re: Linux and seccomp and Lua, or: List of implicit system calls?
Index(es):
- Date
- Thread