Thursday, September 19, 2013

lophttpd seccomp trickery

Hey guys, you know what?

I added seccomp sandbox to lophttpd. It is an experimental
Linux-only feature, enabled by -DUSE_SANDBOX compile time switch.

I really should add that feature to the frontend reverse
proxy too as well as getting in touch with FreeBSD's
capsicum in order to support multiple platforms.

The benefit is that, even if lophttpd already runs unprivileged
in a read-only chroot, the impact of potential RCE vulnerabilities is even more restricted. The sandbox also
covers the OpenSSL code, so it is not necessary to use
SSL privilege separation any longer.

To my knowledge lophttpd is the only webserver that supports
seccomp sandbox.

Additionally, I removed any EC or RC4 based cryptography from
the SSL code. Basically what you get now is RSA+AES+SHA
which is believed to be a cipher secure from NSA unlike
NIST based ciphers or probably ECC entirely, not just with
the NIST curves.

No comments: