[Exherbo-dev] Current status of sandboxing

David Leverton levertond at googlemail.com
Sun Nov 13 22:55:25 GMT 2011


On Sunday 13 November 2011 22:28:35 Ciaran McCreesh wrote:
> Realistically, we can't protect against malicious build systems. Our
> target should be stupid or buggy build systems that mess around with
> things on /. That's still a very wide goal, since there are lots of
> ways to screw up, but it does mean that if a process can circumvent
> sandboxing in some deliberate way then it's not a huge problem.

It would, however, be nice to be able to safely generate metadata from
untrusted packages.  This is probably a lot easier than for the actual build
as a lot of operations can be banned entirely for metadata generation, rather
than just limited.
