Wow. I can't believe anyone even bothered adding seccomp to libmagic file(1). ... "file sets up its sandbox early and thus has to allow a ton of system calls (including open and write) ... this sandbox is somewhat useless, because it is way too weak."https://lwn.net/Articles/796108/ …
-
Show this thread
-
These people can be summed up as "I don't understand privsep".
2 replies 1 retweet 5 likesShow this thread -
Also it's absolutely batshit to have to support LD_PRELOAD hacks for a development model that leverages "fake root" libc interposing of packaging tools.
2 replies 0 retweets 4 likesShow this thread -
Replying to @canadianbryan
Hey Bryan, just curious and trying to understand this tweet (I’ve been exploring package system construction recently and it seems like it might be related). What’s it referring to?
1 reply 0 retweets 0 likes -
Replying to @wezm
If you read the lwn article link, search for "fakeroot".
1 reply 0 retweets 0 likes
Replying to @canadianbryan
Great, thanks. Somehow I totally missed the link in the first tweet when reading on my phone.
2:40 PM - 22 Aug 2019
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.