[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sandboxing Code [Security Critical]

[Date Prev] | [Date Next]

Subject: Re: Sandboxing Code [Security Critical]
From: Ori Bernstein <ori@xxxxxxxxxxxxxx>
Date: Sun, 28 Sep 2014 22:40:23 -0400
To: Daniel Cegiełka <daniel.cegielka@xxxxxxxxx>
Cc: myrddin-dev@xxxxxxxxxxxxxx

And it's online, with a mandelbrot demo.

    http://eigenstate.org/myrddin/playground

As a side note, why does Linux need CAP_SYS_ADMIN for things like
isolating your process in it's own PID namespace? I'd like to use that
in the sandboxing code, but I don't like giving CAP_SYS_ADMIN. Feels
like it's almost CAP_MIGHT_AS_WELL_SUID.

On Wed, 24 Sep 2014 12:40:49 +0200, Daniel Cegiełka <daniel.cegielka@xxxxxxxxx> wrote:

> nice :) thx.
> 

-- 
    Ori Bernstein

References:
Sandboxing Code [Security Critical]	Ori Bernstein <ori@xxxxxxxxxxxxxx>
Re: Sandboxing Code [Security Critical]	Daniel Cegiełka <daniel.cegielka@xxxxxxxxx>

Prev by Date: Announcing mbld.
Previous by thread: Re: Sandboxing Code [Security Critical]
Next by thread: Announcing mbld.
Index(es):
- Main
- Thread