SUD is not a great choice of primary mechanism (it still has the double-trap overhead) but it's a good backstop for syscalls coming from unexpected places (cf. #10). We should probably enable it, handle the SIGSYS with an error message, and terminate the process.
We might still want to paranoid-scan our own text, to avoid unwanted syscall bytes within the SUD allowlist range? Though in the absence of control-flow integrity, jumps into our text's wanted syscall bytes might still be possible, so perhaps this doesn't save much. I have various ideas about stashing this text inside the "blind spot" created by non-canonical offsets, but that is overkill for now...
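The backstop the comment proposes, as an added example that is not the project's own code: arm Syscall User Dispatch (Linux 5.11 or later, glibc) over an allowlist range, keep the selector byte at ALLOW during normal operation, and handle SIGSYS by writing a diagnostic and terminating. The names `sud_selector`, `sud_install` and `sud_format_report` are this example's own; the demo `main` uses the GNU ld symbols `__executable_start` and `etext` as a stand-in for "our own text", which assumes a dynamically linked binary so that libc's syscalls sit outside that range.

```c
/* Added example (not code from the thread's project): Syscall User Dispatch
 * as a backstop. While sud_selector is BLOCK, any syscall whose instruction
 * lies outside [allowed_start, allowed_start + allowed_len) raises SIGSYS. */
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Fallbacks for older headers; values from linux/prctl.h and asm-generic/siginfo.h. */
#ifndef PR_SET_SYSCALL_USER_DISPATCH
#define PR_SET_SYSCALL_USER_DISPATCH 59
#define PR_SYS_DISPATCH_OFF 0
#define PR_SYS_DISPATCH_ON 1
#define SYSCALL_DISPATCH_FILTER_ALLOW 0
#define SYSCALL_DISPATCH_FILTER_BLOCK 1
#endif
#ifndef SYS_USER_DISPATCH
#define SYS_USER_DISPATCH 2   /* si_code of a SUD-generated SIGSYS (seccomp uses 1) */
#endif
#ifndef si_syscall
#define si_syscall _sifields._sigsys._syscall
#define si_call_addr _sifields._sigsys._call_addr
#endif

/* The kernel reads this byte on every syscall issued outside the allowed range. */
volatile char sud_selector = SYSCALL_DISPATCH_FILTER_ALLOW;

/* Async-signal-safe string building: no stdio inside the handler. */
static size_t put_str(char *dst, size_t cap, size_t pos, const char *s) {
    while (*s && pos + 1 < cap) dst[pos++] = *s++;
    if (cap) dst[pos] = '\0';
    return pos;
}

static size_t put_num(char *dst, size_t cap, size_t pos, unsigned long v, unsigned base) {
    char tmp[24];                 /* 64-bit decimal needs at most 20 digits + NUL */
    size_t n = sizeof tmp - 1;
    tmp[n] = '\0';
    do { tmp[--n] = "0123456789abcdef"[v % base]; v /= base; } while (v);
    return put_str(dst, cap, pos, tmp + n);
}

/* Builds the diagnostic for syscall `nr` issued from `addr`; returns its length. */
size_t sud_format_report(char *buf, size_t cap, int nr, unsigned long addr) {
    size_t pos = put_str(buf, cap, 0, "SUD backstop: unexpected syscall ");
    pos = put_num(buf, cap, pos, (unsigned long)nr, 10);
    pos = put_str(buf, cap, pos, " issued from 0x");
    pos = put_num(buf, cap, pos, addr, 16);
    return put_str(buf, cap, pos, "; terminating\n");
}

static void sud_sigsys_handler(int sig, siginfo_t *info, void *uctx) {
    (void)sig; (void)uctx;
    /* write() and _exit() below are libc code outside the allowed range, so the
     * selector must be re-allowed first or they would trap recursively. The
     * kernel exempts only sigreturn. We are terminating, so no need to flip back. */
    sud_selector = SYSCALL_DISPATCH_FILTER_ALLOW;
    /* info->si_code == SYS_USER_DISPATCH identifies SUD (vs. a seccomp SIGSYS);
     * either way the process is in an unexpected state, so both are fatal here. */
    char msg[128];
    size_t n = sud_format_report(msg, sizeof msg, info->si_syscall,
                                 (unsigned long)info->si_call_addr);
    (void)!write(STDERR_FILENO, msg, n);
    _exit(70);
}

/* Installs the SIGSYS handler, then turns SUD on with the selector at ALLOW.
 * Returns 0, or -1 with errno set (EINVAL on kernels without SUD). */
int sud_install(const void *allowed_start, size_t allowed_len) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = sud_sigsys_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSYS, &sa, NULL) != 0) return -1;
    return prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON,
                 (unsigned long)allowed_start, (unsigned long)allowed_len,
                 (char *)&sud_selector);
}

int main(void) {
    extern char __executable_start[], etext[];   /* linker-provided text bounds */
    if (sud_install(__executable_start, (size_t)(etext - __executable_start)) != 0) {
        perror("SUD unavailable (needs Linux >= 5.11)");
        return 1;
    }
    /* Selector is ALLOW: libc's own syscalls pass, so stdio keeps working. */
    printf("SUD armed; getpid() via libc allowed: %ld\n", (long)getpid());
    fflush(stdout);
    /* Flip to BLOCK: libc's getpid() now comes from an "unexpected place"
     * (outside our text) and hits the SIGSYS backstop, which never returns. */
    sud_selector = SYSCALL_DISPATCH_FILTER_BLOCK;
    getpid();
    return 0;
}
```

Two points follow from the kernel's behaviour rather than from this code: the selector is consulted for every syscall outside the range, so the wanted syscall instructions must live inside the allowlisted text (or the selector must be set to ALLOW around them), and the handler itself must re-allow before making any syscall of its own, since only sigreturn is exempted. Checking `si_code` against `SYS_USER_DISPATCH` tells a SUD trap apart from a seccomp one if both mechanisms are in use.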