More systems need O_APPEND vs. F_SETFL hardening, not just OS X. Preferably upstream. Ref: @i0n1c's SUIDGuard https://www.suidguard.com
@solardiz @okkejytila @i0n1c O_APPEND isn't the right tool for permissions enforcement. chattr +a is for that.
@solardiz @okkejytila @i0n1c An additional flag for sticky-append could be useful for cases chattr doesn't cover, of course.
@solardiz @okkejytila @i0n1c But modifying the semantics of O_APPEND for 'hardening' would be dangerous in itself (breaking contracts).
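The O_APPEND vs. F_SETFL behaviour debated in this thread, as an added example (not code from any participant or from SUIDGuard): on a stock POSIX system whoever holds an append-only descriptor can drop the flag, which is why the thread points to chattr +a or a separate sticky flag for enforcement. The scratch file path and function name are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if the holder of an O_APPEND descriptor cleared the flag and
 * overwrote existing data, 0 if the kernel refused, -1 on setup error. */
int append_can_be_bypassed(void)
{
    char path[] = "/tmp/append_demo_XXXXXX"; /* constructed scratch file */
    char buf[8] = {0};
    int flags, rd, result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, "AAAA\n", 5) != 5)
        goto out;
    close(fd);

    /* The descriptor as the opener intended it: writes may only append. */
    fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        goto out;

    /* O_APPEND is a file status flag, so the current holder may change it. */
    flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags & ~O_APPEND) < 0) {
        result = 0; /* e.g. EPERM on Linux when the inode is chattr +a */
        goto out;
    }
    if (lseek(fd, 0, SEEK_SET) == 0 && write(fd, "BB", 2) == 2 &&
        (rd = open(path, O_RDONLY)) >= 0) {
        if (read(rd, buf, sizeof buf - 1) > 0)
            result = (strncmp(buf, "BBAA", 4) == 0); /* start overwritten */
        close(rd);
    }
out:
    if (fd >= 0)
        close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("append-only bypassed: %d\n", append_can_be_bypassed());
    return 0;
}
```

A result of 1 means the open flag alone enforced nothing; on Linux, setting the append-only inode attribute on the file makes the F_SETFL call fail with EPERM and the function returns 0.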