Add some more references to readme and todo

boustrophedon · Mar 13, 2022 · 39b1083 · 39b1083
1 parent b85fb66
commit 39b1083
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -71,6 +71,8 @@ So you can be extra safe. Suppose your program has a dependency with an undiscov
     - If your program doesn't need network access, don't give it access (but then you aren't really exploitable anyway in most cases)
     - Logging in a separate thread that doesn't have network access
 - Exploits involving executing SUID-root binaries rely on being able to fork and exec.
+- https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
+  - nftables relies on being able to create sockets with type `AF_NETLINK`, which can be filtered with seccomp
 
 # Caveats
 

diff --git a/todo.txt b/todo.txt
@@ -43,6 +43,8 @@ SafetyContext::new()
 .isolate_process()
 ``` 
 
+see also https://blog.lizzie.io/linux-containers-in-500-loc.html
+
 # Remove all dependencies
 If you're using extrasafe to provide extra security, it then becomes a target for vulnerabilities, including supply-chain attacks.