On Thu, 15 May 2014 14:44:58 -0400
Mike Gilbert <flop...@gentoo.org> wrote:
> On Thu, May 15, 2014 at 1:17 PM, Ciaran McCreesh
> <ciaran.mccre...@googlemail.com> wrote:
> > On Thu, 15 May 2014 17:15:32 +0000
> > hasufell <hasuf...@gentoo.org> wrote:
> >> Ciaran McCreesh:
> >> > Sandboxing isn't about security.
> >> >
> >>
> >> Sure it is.
> >
> > Then where do the bug reports for all the "security violations"
> > possible with sandbox go?
> >
> 
> There is a big difference between the sandbox utility
> (sys-apps/sandbox) and the network-sandbox/ipc-sandbox features. The
> former uses an LD_PRELOAD hack to intercept libc functions, and does
> not provide any security benefit. The latter options create separate
> namespaces in the kernel, which is probably a lot more secure.

"Secure" against what? Malicious ebuilds? Malicious packages?

-- 
Ciaran McCreesh
