Follow-up Comment #4, bug #42411 (project gnustep):
I agree about (1) and (2) not being options.
I don't agree with (3) since if we don't chroot then we have to assume that
the executable has access to the whole filesystem ... and a chroot to /tmp
can't possibly be less secure than that.
Perhaps though, we could add a command-line argument to specify the directory
to which we should chroot, and only use the existing location if that argument
is not provided? Then a distro could have a startup script which jails the
process in a known-safe location for that distro.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42411>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-gnustep mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-gnustep
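The scheme proposed in the comment above (an optional command-line argument naming the chroot directory, with the existing location as the fallback) in working form. This is an added example, not GNUstep code and not anything from the bug report: the flag name `--chroot-dir`, the `/tmp` default standing in for "the existing location", and the uid/gid 65534 are all assumptions. The point it adds beyond the comment is the part that is easy to get wrong: the jail must fail closed (a daemon that cannot chroot must exit, not carry on unjailed), the chdir/chroot/privilege-drop order matters, and a relative or missing path should be rejected rather than guessed at.

```c
/*
 * Added example (not GNUstep code): optional --chroot-dir argument with
 * fallback to a compiled-in default, plus a fail-closed jail setup.
 * The flag name, the default path and the unprivileged uid/gid are assumptions.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_JAIL_DIR "/tmp"   /* stands in for the daemon's existing location */

/* Returns the jail directory: the --chroot-dir value if given, otherwise
 * default_dir.  Returns NULL on a malformed command line (flag without a
 * value, or a relative path) so the caller refuses to start instead of
 * guessing where the jail is. */
const char *choose_jail_dir(int argc, char **argv, const char *default_dir)
{
    const char *dir = default_dir;
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--chroot-dir") == 0) {
            if (i + 1 >= argc)
                return NULL;          /* flag given but no directory */
            dir = argv[++i];
        }
    }
    if (dir == NULL || dir[0] != '/')
        return NULL;                  /* a jail must be an absolute path */
    return dir;
}

/* Enters the jail at dir and drops to uid/gid.  Every step is checked and
 * the function fails closed: a caller that gets -1 must exit, never continue
 * unjailed or still root.  Order matters: chdir first so the working
 * directory is inside the new root, chroot second, privilege drop last
 * (chroot itself needs root).  In production also call setgroups() to shed
 * supplementary groups before setgid()/setuid(). */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Belt and braces: the privilege drop must be irreversible. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *dir = choose_jail_dir(argc, argv, DEFAULT_JAIL_DIR);
    if (dir == NULL) {
        fprintf(stderr, "usage: %s [--chroot-dir /absolute/path]\n", argv[0]);
        return 2;
    }
    /* 65534 is the conventional "nobody" uid/gid; use a dedicated account in production. */
    if (enter_jail(dir, 65534, 65534) != 0) {
        fprintf(stderr, "cannot jail in %s: %s\n", dir, strerror(errno));
        return 1;
    }
    printf("jailed in %s, now uid %d\n", dir, (int)getuid());
    return 0;
}
```

A distro startup script would then run the daemon as root with `--chroot-dir /var/empty` (or whatever its known-safe, empty, root-owned directory is) and the daemon itself drops root once inside; without the flag it behaves exactly as before. Note that `chroot` is not a complete sandbox on its own: the jail directory must be empty and not writable by the unprivileged uid, otherwise the classic escape routes remain.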