On Thu, May 15, 2014 at 2:48 PM, Ciaran McCreesh
<ciaran.mccre...@googlemail.com> wrote:
> On Thu, 15 May 2014 14:44:58 -0400
> Mike Gilbert <flop...@gentoo.org> wrote:
>> On Thu, May 15, 2014 at 1:17 PM, Ciaran McCreesh
>> <ciaran.mccre...@googlemail.com> wrote:
>> > On Thu, 15 May 2014 17:15:32 +0000
>> > hasufell <hasuf...@gentoo.org> wrote:
>> >> Ciaran McCreesh:
>> >> > Sandboxing isn't about security.
>> >> >
>> >>
>> >> Sure it is.
>> >
>> > Then where do the bug reports for all the "security violations"
>> > possible with sandbox go?
>> >
>>
>> There is a big difference between the sandbox utility
>> (sys-apps/sandbox) and the network-sandbox/ipc-sandbox features. The
>> former uses an LD_PRELOAD hack to intercept libc functions, and does
>> not provide any security benefit. The latter options create separate
>> namespaces in the kernel, which is probably a lot more secure.
>
> "Secure" against what? Malicious ebuilds? Malicious packages?
>

Secure against unauthorized network access during phases where
network-sandbox is effective. I am aware that this is a very small
benefit given that the ebuild or build system can do lots of things
locally without network access, or install some file that accesses the
network later.

ipc-sandbox probably has some similar security benefit, but I don't
understand it as well.
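As an added demonstration of the namespace point made above (example code, not from this thread, from Portage or from sys-apps/sandbox; it assumes Linux and that unshare() is permitted for the calling user): a forked child enters a fresh network namespace and its UDP connect() to loopback is refused by the kernel with ENETUNREACH, while the same call in a plain child succeeds. Because the check happens in the kernel, it applies to static binaries and raw syscalls as well, which an LD_PRELOAD interposer cannot see.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { NET_REACHABLE, NET_ISOLATED, NS_UNSUPPORTED, PROBE_ERROR };
/* Probe 127.0.0.1:53 over UDP. connect() on a UDP socket sends nothing, it
 * only asks the kernel for a route; inside a fresh network namespace only a
 * *down* loopback exists, so that lookup fails with ENETUNREACH. */
static enum probe_result try_connect(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return PROBE_ERROR;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(53) };
    inet_pton(AF_INET, "127.0.0.1", &sa.sin_addr);
    int rc = connect(fd, (struct sockaddr *)&sa, sizeof sa);
    int err = errno;
    close(fd);
    if (rc == 0) return NET_REACHABLE;
    return err == ENETUNREACH ? NET_ISOLATED : PROBE_ERROR;
}

/* Run the probe in a forked child. With isolate != 0 the child first enters a
 * new network namespace (plus a user namespace so it works unprivileged where
 * allowed). The kernel enforces this even for static binaries and raw syscalls. */
enum probe_result probe_network(int isolate)
{
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) {
        if (isolate && unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0
                    && unshare(CLONE_NEWNET) != 0)
            _exit(NS_UNSUPPORTED);
        _exit(try_connect());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return PROBE_ERROR;
    return (enum probe_result)WEXITSTATUS(status);
}

int main(void)
{
    /* Typically prints "plain=0 netns=1"; netns=2 means unshare() was refused. */
    printf("plain=%d netns=%d\n", probe_network(0), probe_network(1));
    return 0;
}
```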
