Hi, I didn't want to reply, but I saw all this thread and had to because it seems you're on some fumes dude.
I surely knew before and after my commit that the unveil wouldn't descend into the child process; what happened in this case was that I actually didn't see that the main process actually was invoking "check_scripts" from anywhere in the filesystem. Should we restrict them from being spawned from a specific directory? Maybe, but that would break a lot of people's configs. Please don't make assumptions that we want to make a "sandbox" and an "attacker" can easily bypass it when both Theo and Claudio already explained how all this works.

/mestre

On 19:04 Tue 15 Jun , [email protected] wrote:
> June 15, 2021 8:45 PM, "Dave Voutila" <[email protected]> wrote:
>
> > The first link was to the paper:
> >
> > "A systematic analysis of the science of sandboxing"
> > Maass, et al. (2016). PeerJ Computer Science 2:e43
> >
> > It is most certainly not paywalled. Maybe you can try this one?
> >
> > https://peerj.com/articles/cs-43
>
> Thanks! I'll definitely read it soon.
>
> > I still recommend you read it if you're going to approach folks with
> > suggestions of building "sandboxes" as you did.
>
> As mentioned in my last response, my post's intent wasn't even to
> convince y'all about sandboxes being great, or how you should build
> sandboxes, or do whatever with them. I was only interested in the
> (imo) weird behaviour of unveil. I didn't expect that a single sentence
> about sandboxes would make you think that my whole post is about them.
>
