[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[task #15701] Sandboxing the execution of the project
From: |
Boud Roukema |
Subject: |
[task #15701] Sandboxing the execution of the project |
Date: |
Sun, 21 Jun 2020 14:18:34 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 |
Follow-up Comment #1, task #15701 (project reproduce):
There's also some overlap with:
https://savannah.nongnu.org/task/?15682 - maneage-lint
which is meant to be for the general task of a 'lint' program in general, not
only for shebang issues.
A _lint_ type program can only detect common types of errors or security flaws
(e.g. _rm -fr_ where the argument can by accident become _/_ or go up in the
directory tree), and a detector script needs to be written for each of these.
Given that the Debian _lintian_ is already highly developed - see
https://savannah.nongnu.org/task/?15682 - it would be worth learning from that
experience. As I pointed out there, the detector scripts have to be themselves
debugged. :)
The general sandbox idea is good. I assume that examples would be _chroot_ and
_debootstrap_, which uses _chroot_ :
https://tracker.debian.org/pkg/cdebootstrap
https://tracker.debian.org/pkg/debootstrap
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/task/?15701>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/