| 1 |
On Fri, 22 Sep 2017 06:07:18 +0200 |
| 2 |
Michał Górny <mgorny@g.o> wrote: |
| 3 |
|
| 4 |
> W dniu czw, 21.09.2017 o godzinie 15∶41 -0700, użytkownik Matt Turner |
| 5 |
> napisał: |
| 6 |
> > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny <mgorny@g.o> |
| 7 |
> > wrote: |
| 8 |
> > > Given that sandbox is utterly broken by design, I don't really |
| 9 |
> > > want to put too much effort in trying to make it a little better. |
| 10 |
> > > I'd rather put the minimal effort required to make it |
| 11 |
> > > not-much-worse. |
| 12 |
> > |
| 13 |
> > You said in your initial email that you weren't an expert in its |
| 14 |
> > internals, but here you say it's broken by design. Why do you think |
| 15 |
> > that? |
| 16 |
> > |
| 17 |
> |
| 18 |
> Because it uses LD_PRELOAD which is a huge hack and which causes |
| 19 |
> guaranteed issues we can't really fix. All we can do is disable it for |
| 20 |
> emacs, for compiler-rt and I'm afraid this list will grow because |
| 21 |
> overriding random library functions is never a good idea. |
| 22 |
> |
| 23 |
|
| 24 |
I think we're all ears for a better solution. There are probably much |
| 25 |
better ways to do sandboxing these days than 15 years ago. |
| 26 |
|
| 27 |
LD_PRELOAD does not work with static binaries. Hence the non |
| 28 |
portable ptrace stuff. Hence bugs. Etc. The point is, that's the |
| 29 |
best we have now. |
| 30 |
|
| 31 |
|
| 32 |
Alexis. |
Archives