mirror of
https://github.com/joleuger/vuinputd.git
synced 2026-07-17 09:17:23 +00:00
571 B
571 B
Security
Small code base
Fuzzing
Audit
Unsafe code
Known problem: A lot of unsafe code. Open are ideas to mitigate this issue.
seccomp, AppArmor, SELinux, cgroups mounts, /sys read-write
This is a big TODO. Which permissions can be reduced. Now we assume we are quite privileagued:
- We have all Linux kernel capabilities,
- The default seccomp profile is disabled,
- The default AppArmor profile is disabled,
- The default SELinux process label is disabled,
- all host devices are accessible,
- /sys is read-write,
- cgroups mount is read-write.