On Tue, Jun 14, 2016 at 9:07 PM, Florian Weimer <fwei...@redhat.com> wrote: > On 06/15/2016 04:11 AM, Andrew Lutomirski wrote: > >> I *strongly* disagree here. The xdg-app folks seem to be doing a >> pretty good job with their sandbox. The kernel attack surface is >> reduced considerably, as is the attack surface against the user via >> ptrace and filesystem access. If Wayland is available (which is >> should be!) then so is the attack surface against X. > > > What about the direct access to DRI device nodes? Why isn't this a problem > that reduces the effectiveness of the sandbox considerably?
It's certainly a meaningful attack surface. That being said, if it works well, it should be about as dangerous as Chromium's render sandbox, and the latter seems to work fairly well in practice. I'm assuming that xdg-app grants access to render nodes, not to the legacy node. -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
