On Thu, 11 Jan 2007 09:38:29 +0900 Georgi Georgiev <[EMAIL PROTECTED]> wrote:
| Quoting Ciaran McCreesh <[EMAIL PROTECTED]>:
| > On Thu, 11 Jan 2007 09:07:54 +0900 Georgi Georgiev <[EMAIL PROTECTED]>
| > wrote:
| > | Further, by adopting ACCEPT_RESTRICT, it would be possible to be
| > | able to say: ACCEPT_RESTRICT=-sandbox: Do not let any ebuild touch
| > | anything outside the sandbox.
| > | ACCEPT_RESTRICT=-userpriv: Do not let any ebuild run with elevated
| > | privileges.
| >
| > Which gains what, exactly? These are not things about which the end
| > user should be concerned.
|
| A user shouldn't be concerned if an ebuild wants to leave the
| sandbox when not supposed to?
Correct. *Developers* should be concerned about whether their package installs and uninstalls correctly. If an ebuild is leaving the sandbox, it's doing so because it's necessary (at least at present -- this proposal will make it more like "because the developer couldn't be bothered to fix something"). Remember that packages can still do bad stuff to the filesystem even when sandbox is turned on. The point of sandbox is to be a safety feature, not a security measure.

-- 
Ciaran McCreesh
Mail : ciaranm at ciaranm.org
Web : http://ciaranm.org/
Paludis, the secure package manager : http://paludis.pioto.org/
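To make concrete what the proposed ACCEPT_RESTRICT=-sandbox / -userpriv settings would actually decide, here is an added example of the matching logic, written for this page rather than taken from the thread or from Portage or Paludis. It assumes that ACCEPT_RESTRICT would use the same token semantics as ACCEPT_LICENSE (a bare token accepts that restriction, "-token" rejects it, "*" and "-*" set the default, later tokens override earlier ones); the function names and the sample ebuild data are constructed. Note, in line with the reply above, that such a check only refuses ebuilds that *declare* RESTRICT=sandbox or RESTRICT=userpriv; it does nothing about an ebuild that misbehaves while the sandbox is on.

```python
"""Toy model of the ACCEPT_RESTRICT proposal discussed in the thread.

Added example, not code from the thread or from Portage/Paludis. It
ASSUMES that ACCEPT_RESTRICT would use the same token semantics as
ACCEPT_LICENSE: a bare token accepts that restriction, "-token" rejects
it, "*" / "-*" set the default for unmentioned tokens, and later tokens
override earlier ones. The ebuild data below is constructed.
"""

from typing import Dict, List, Tuple

# Constructed sample: package atom -> RESTRICT tokens declared by its ebuild.
SAMPLE_EBUILDS: Dict[str, List[str]] = {
    "app-misc/clean-1.0": [],
    "app-misc/needs-sandbox-escape-2.3": ["sandbox"],
    "app-misc/needs-root-build-0.9": ["userpriv"],
    "app-misc/needs-both-1.1": ["sandbox", "userpriv", "test"],
}


def parse_accept_restrict(value: str) -> Tuple[bool, Dict[str, bool]]:
    """Parse an ACCEPT_RESTRICT string into (default_accept, per-token map).

    "*" accepts any restriction not otherwise mentioned, "-*" rejects any
    not otherwise mentioned; a later "*" or "-*" resets earlier tokens.
    When neither appears, the assumed default is 'accept', so that
    ACCEPT_RESTRICT="-sandbox" rejects only the sandbox restriction.
    """
    default_accept = True
    explicit: Dict[str, bool] = {}
    for tok in value.split():
        if tok == "*":
            default_accept, explicit = True, {}
        elif tok == "-*":
            default_accept, explicit = False, {}
        elif tok.startswith("-"):
            explicit[tok[1:]] = False
        else:
            explicit[tok] = True
    return default_accept, explicit


def rejected_restrictions(restrict: List[str], accept_restrict: str) -> List[str]:
    """Return the RESTRICT tokens of one ebuild that the policy does not accept."""
    default_accept, explicit = parse_accept_restrict(accept_restrict)
    return [r for r in restrict if not explicit.get(r, default_accept)]


def filter_ebuilds(ebuilds: Dict[str, List[str]],
                   accept_restrict: str) -> Dict[str, List[str]]:
    """Map each ebuild the policy would refuse to merge to its offending tokens."""
    blocked: Dict[str, List[str]] = {}
    for atom, restrict in ebuilds.items():
        bad = rejected_restrictions(restrict, accept_restrict)
        if bad:
            blocked[atom] = bad
    return blocked


if __name__ == "__main__":
    # The two settings proposed in the thread, combined.
    policy = "-sandbox -userpriv"
    for atom, why in filter_ebuilds(SAMPLE_EBUILDS, policy).items():
        print(f"{atom}: refused, RESTRICT declares {' '.join(why)}")
```

With the policy "-sandbox -userpriv", three of the four constructed ebuilds are refused and app-misc/clean-1.0 merges normally; with "*" nothing is refused.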
