Keep in mind the *reply* to that thread too, Guilherme. https://mailman.nginx.org/pipermail/nginx-devel/2020-March/013074.html
Some of the protections proposed are already handled by de-escalation of privileges by the inbuilt workers in NGINX. Introducing any additional sandboxing *could* as said by Seth introduce some significant issues. We are in the Stonking series but any major changes we introduce should probably be considered by upstream first, then Debian in that order. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2136126 Title: insufficient security settings for nginx systemd services To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/2136126/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
