On Fri, 22.09.2017 at 12:57 +0200, Alexis Ballier wrote:
> On Fri, 22 Sep 2017 06:07:18 +0200
> Michał Górny <mgorny@g.o> wrote:
>
> > On Thu, 21.09.2017 at 15:41 -0700, Matt Turner wrote:
> > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny <mgorny@g.o>
> > > wrote:
> > > > Given that sandbox is utterly broken by design, I don't really
> > > > want to put too much effort in trying to make it a little better.
> > > > I'd rather put the minimal effort required to make it
> > > > not-much-worse.
> > >
> > > You said in your initial email that you weren't an expert in its
> > > internals, but here you say it's broken by design. Why do you think
> > > that?
> > >
> >
> > Because it uses LD_PRELOAD which is a huge hack and which causes
> > guaranteed issues we can't really fix. All we can do is disable it for
> > emacs, for compiler-rt and I'm afraid this list will grow because
> > overriding random library functions is never a good idea.
> >
>
> I think we're all ears for a better solution. There are probably much
> better ways to do sandboxing these days than 15 years ago.
>
> LD_PRELOAD does not work with static binaries. Hence the non
> portable ptrace stuff. Hence bugs. Etc. The point is, that's the
> best we have now.
>

I know of two obvious alternatives: ptrace and filesystem layer (e.g.
FUSE).

For the former, there's sydbox. I'm going to look into integrating it
into Portage when I have more time.

For the latter, I have writing one on my TODO list. But I'm not sure when I'll
have enough time to work on it.

--
Best regards,
Michał Górny
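
Added example, not part of the original message and not code from sandbox or Portage: the point quoted in the thread, that LD_PRELOAD does not work with static binaries, can be checked per binary, because the preload is carried out by the dynamic loader named in the ELF `PT_INTERP` program header. The sketch assumes ELF64 little-endian files; the function names and the sample images are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type naming the dynamic loader (ld.so)

def ld_preload_can_interpose(image: bytes) -> bool:
    """True if the ELF image requests a dynamic loader via PT_INTERP.

    LD_PRELOAD is processed by that loader, so a binary without PT_INTERP
    (static or static-PIE) never loads the sandbox's wrapper library.
    """
    if len(image) < 64 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this sketch")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(image):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from("<I", image, off)
        if p_type == PT_INTERP:
            return True
    return False

def sample_elf(p_types):
    """Constructed sample: ELF64 header plus empty program headers, no code."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<II6Q", t, 0, 0, 0, 0, 0, 0, 0)
                             for t in p_types)

if __name__ == "__main__":
    # With no arguments, run on the constructed samples; otherwise add real files.
    samples = {"dynamic (PT_LOAD, PT_INTERP, PT_DYNAMIC)": sample_elf([1, 3, 2]),
               "static (PT_LOAD only)": sample_elf([1]),
               "static-PIE (PT_LOAD, PT_DYNAMIC)": sample_elf([1, 2])}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            samples[path] = fh.read()
    for name, image in samples.items():
        verdict = "covered" if ld_preload_can_interpose(image) else "NOT covered"
        print(f"{name}: {verdict} by an LD_PRELOAD wrapper")
```

The static-PIE sample shows why the check keys on `PT_INTERP` rather than `PT_DYNAMIC`: such a binary carries a dynamic section but relocates itself and never invokes the loader.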