bug-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #42411] gdomap chroots to /tmp


From: Richard Frith-Macdonald
Subject: [bug #42411] gdomap chroots to /tmp
Date: Fri, 25 Jul 2014 10:29:56 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4

Follow-up Comment #4, bug #42411 (project gnustep):

I agree about 1 and 2 not being options.

I don't agree with (3) since if we don't chroot then we have to assume that
the executable has access to the whole filesystem ... and a chroot to /tmp
can't possibly be less secure than that.

Perhaps though, we could add a command-line argument to specify the directory
to which we should chroot, and only use the existing location if that argument
is not provided?  Then a distro could have a startup script which jails the
process in a known-safe location for that distro.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?42411>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




reply via email to

[Prev in Thread] Current Thread [Next in Thread]