Problem:
Some applications use s2n-tls in a sandboxed environment which restricts the syscalls that a process is able to make. After s2n_init(), only essential syscalls should be performed to increase compatibility in these environments. A test should be added which initializes s2n-tls, enables seccomp with the necessary syscalls permitted, and performs a handshake, ensuring that unexpected syscalls aren't made.
Changes may need to be made to s2n_init() in order to avoid lazily initializing libcrypto features that make syscalls. See: https://github.com/aws/aws-lc/blob/3c221518cc8f054209112f71b233c2404c5a8a3e/include/openssl/crypto.h#L75
AWS-LC added a similar test that we may be able to borrow from: aws/aws-lc#1835
Solution:
Add a seccomp test to ensure that s2n-tls is able to run in sandboxed environments.
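The shape of such a test, as an added example (not s2n-tls or AWS-LC code): initialize, install a seccomp-BPF allowlist, then run the workload in a child so that an unexpected syscall shows up as SIGSYS. `eager_init`, `no_init` and `workload` are hypothetical stand-ins for s2n_init() and the handshake; Linux only.

```c
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Allowlist filter; a production filter would also check seccomp_data.arch first. */
static int enter_sandbox(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), /* anything else: SIGSYS */
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

static int rng_fd = -1; /* hypothetical resource that init should set up eagerly */
static int eager_init(void) { rng_fd = open("/dev/urandom", O_RDONLY); return rng_fd < 0 ? -1 : 0; }
static int no_init(void) { return 0; }
/* Stand-in for the handshake: opens its entropy source lazily if init did not. */
static int workload(void) {
    unsigned char buf[16];
    if (rng_fd < 0) rng_fd = open("/dev/urandom", O_RDONLY); /* open/openat not on the allowlist */
    return read(rng_fd, buf, sizeof buf) == (ssize_t)sizeof buf ? 0 : -1;
}

/* Fork, init, sandbox, run. Returns 0 on success, the fatal signal if killed, -1 otherwise. */
static int run_sandboxed(int (*init)(void), int (*work)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (init() != 0 || enter_sandbox() != 0) _exit(2);
        _exit(work() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : (WEXITSTATUS(status) == 0 ? 0 : -1);
}

int main(void) { /* exit status 0 when eager init passes and lazy init is caught */
    return !(run_sandboxed(eager_init, workload) == 0 && run_sandboxed(no_init, workload) == SIGSYS);
}
```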