HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rsa25519

no profile record

comments

rsa25519
·4 jaar geleden·discuss
Note that a sandbox escape is often possible via TIOCSTI (CVE-2017-5226) [0] unless a special flag (--new-session) is used.

Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.

It's frustrating to have such a useful tool be knowingly easy to misuse.

[0]: https://github.com/containers/bubblewrap/issues/142
rsa25519
·4 jaar geleden·discuss
Note that the wonderful Go type system interprets time.Second * time.Second as 277777h46m40s with the type time.Second (not sec^2)
rsa25519
·6 jaar geleden·discuss
> I'm not so sure... just, like, maybe put one single thought into organizing it?

Most documentation definitely needs more attention towards organization.

But in my experience, organization is extremely difficult, especially because a documentation author may think of the system very differently than a new user might