[bug #42411] gdomap chroots to /tmp
From: Richard Frith-Macdonald
Subject: [bug #42411] gdomap chroots to /tmp
Date: Fri, 25 Jul 2014 10:29:56 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4
Follow-up Comment #4, bug #42411 (project gnustep):
I agree about 1 and 2 not being options.
I don't agree with (3) since if we don't chroot then we have to assume that
the executable has access to the whole filesystem ... and a chroot to /tmp
can't possibly be less secure than that.
Perhaps though, we could add a command-line argument to specify the directory
to which we should chroot, and only use the existing location if that argument
is not provided? Then a distro could have a startup script which jails the
process in a known-safe location for that distro.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42411>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
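
The proposal in the comment above, sketched as an added example that is not part of the original message and is not gdomap's code: a jail directory taken from the command line, falling back to the existing /tmp location when none is given. The `-j` option name, the ownership and permission test used for "known-safe", and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define DEFAULT_JAIL "/tmp" /* the existing location discussed in the bug */

/* Return the directory following the hypothetical "-j" option, or the
 * existing default when the option is absent or has no value. */
const char *choose_jail_dir(int argc, char **argv) {
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-j") == 0)
            return argv[i + 1];
    return DEFAULT_JAIL;
}

/* Assumed meaning of "known-safe": a real directory (not a symlink), owned
 * by `owner`, not writable by group or others. Returns 1 if safe, else 0. */
int jail_dir_is_safe(const char *path, uid_t owner) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;            /* missing or unreadable */
    if (!S_ISDIR(st.st_mode)) return 0;             /* symlink or plain file */
    if (st.st_uid != owner) return 0;               /* someone else owns it */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0; /* others can plant files */
    return 1;
}

/* Enter the jail, then drop root for good. Returns 0 on success, -1 on error. */
int enter_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return 0;
}

int main(int argc, char **argv) {
    const char *dir = choose_jail_dir(argc, argv);
    /* Only an explicitly supplied directory is vetted; the default is kept
     * as-is, matching the fallback behaviour proposed in the comment. */
    if (strcmp(dir, DEFAULT_JAIL) != 0 && !jail_dir_is_safe(dir, 0)) {
        fprintf(stderr, "refusing unsafe jail directory %s\n", dir);
        return EXIT_FAILURE;
    }
    if (enter_jail(dir, 65534, 65534) != 0) { /* 65534: assumed "nobody" */
        perror("enter_jail");
        return EXIT_FAILURE;
    }
    puts("jailed");
    return 0;
}
```

The program has to start as root for `chroot()` to succeed; the check-then-enter sequence assumes nothing else can modify the chosen directory in between, which holds for a root-owned path that only root can write.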