On January 16, 2018 6:24:31 AM PST, Michael Schwingen <mich...@schwingen.org> wrote: >Limiting file access to a list of configured directories should be >enough. >However, if you really need this, you can get that now by running >OpenOCD in firejail.
Firejail looks like it might help. I’m not sure file access or local command execution is the only issue here, though. OpenOCD is a tool for embedded system development. Depending on the nature of said system, granting an attacker access to the target probably allows them to at best create a 3.3-to-ground short on a GPIO and perhaps damage the I/O driver, up to at worst set your desk on fire. I’m not totally convinced that allowing an attacker to do *anything* with OpenOCD is safe. -- Christopher Head -- Christopher Head
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenOCD-devel mailing list OpenOCD-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openocd-devel
