Hi,

On Wed, Sep 26, 2012 at 10:34:22PM -1000, Jordan K. Hubbard wrote:
> Yeah, I get that. I'm looking to see if there's some way of making
> /usr/local more of an ENOENT than an EPERM sort of lookup.

While that would help, hiding directories is not enough. The same problem breaks the currently implemented trace mode, because autoconf reads the contents of $prefix/share/aclocal/ and tries to open every file in there, aborting if the file doesn't exist or permission was denied.

I've been working on overloading __getdirentries64 and setting the inode of the files where access should be denied to 0. I'm not sure this would satisfy the requirements of the sandboxing, though (attackers could still find out the file exists/existed).

--
Clemens Lang
_______________________________________________
macports-dev mailing list
http://lists.macosforge.org/mailman/listinfo/macports-dev
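Added example, not part of the original message or of MacPorts code: a model of the inode-zeroing approach described above, showing that a readdir-style reader stops returning masked entries while their names remain in the buffer. The record layout, the allow list, the file names and the assumption that the reader skips inode 0 are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified fixed-size record (assumption; not the real struct dirent). */
struct rec {
    uint64_t ino;       /* 0 means "empty slot" to the reader below */
    char     name[56];
};

/* Hypothetical policy: the only names the sandboxed build may see. */
static const char *const allowed[] = { "libtool.m4", "pkg.m4" };

static int is_allowed(const char *name) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(name, allowed[i]) == 0) return 1;
    return 0;
}

/* Wrapper side: zero the inode of every denied record; returns how many. */
int mask_denied(struct rec *r, size_t n) {
    int masked = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].ino != 0 && !is_allowed(r[i].name)) { r[i].ino = 0; masked++; }
    return masked;
}

/* Reader side: a readdir-style loop that skips inode 0 (assumed behaviour). */
int visible_count(const struct rec *r, size_t n) {
    int seen = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].ino != 0) seen++;
    return seen;
}

/* Residue check: masked records whose name bytes are still in the buffer. */
int leaked_names(const struct rec *r, size_t n) {
    int leaked = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].ino == 0 && r[i].name[0] != '\0') leaked++;
    return leaked;
}

/* Constructed sample listing of a share/aclocal directory (names invented). */
size_t sample_dir(struct rec out[4]) {
    static const char *names[4] = { "libtool.m4", "other-port.m4", "pkg.m4", "private.m4" };
    memset(out, 0, 4 * sizeof out[0]);
    for (size_t i = 0; i < 4; i++) { out[i].ino = 100 + i; strcpy(out[i].name, names[i]); }
    return 4;
}
```

A wrapper that also cleared or compacted the masked records would remove this residue, but a direct open of the path would still be answered by the sandbox with a denial rather than ENOENT.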
