Author: Peter Todd 2014-02-21 11:06:02
Published on: 2014-02-21T11:06:02+00:00
In a discussion about the benefits of process separation, Jeff Garzik argues that it increases the difficulty of accessing key data from the blockchain engine (BCE), and changes the attack surface. While Mike Hearn is not convinced that this is true, he does agree that process separation is necessary for sandboxing. He suggests using seccomp mechanism, which is a syscall whitelister that makes ptrace useless, among other things. Peter Todd chimes in, suggesting to use seccomp with chroot and whitelist the open() call so that the existing code can create new blockfiles and do whatever leveldb does.
Updated on: 2023-06-08T03:14:11.703658+00:00