Wednesday, September 25, 2019

Re: firefox: unveil and pledge enhancements [8]

joshua stein <jcs@openbsd.org> wrote:

Thanks for moving back to a secure approach.

> I tried the $TMPDIR shenanigans with the main process mkdtemp'ing
> somewhere in $TMPDIR (or /tmp), and then exporting TMPDIR as that
> directory so that everything else within Firefox uses that
> subdirectory as its temp directory, allowing /tmp to be removed from
> the unveil lists and only that subdirectory visible. Unfortunately
> the first thing to break was our own shm_open() which hard-codes
> /tmp and doesn't honor $TMPDIR. So that all was ripped out and
> we're back to full access to /tmp.

jcs and I have started talking to tedu about this, as the existing
shm_open() is his design, a design which is now uncomfortable for
unveil/pledge.
