Google's Chromium sandbox
Google's Chromium sandbox
Posted Aug 19, 2009 15:58 UTC (Wed) by johill (subscriber, #25196)Parent article: Google's Chromium sandbox
Why, for example, can an untrusted process look into my filesystem using getdents() without any checking?
I think that file should come with comments as to why it is allowed, etc., because otherwise it's JUST a collection of arbitrary things, with that information at least it would be verifiable why/that it is needed.
Posted Aug 19, 2009 16:32 UTC (Wed)
by foom (subscriber, #14868)
[Link]
Google's Chromium sandbox
Why, for example, can an untrusted process look into my filesystem using getdents()
without any checking?
Presumably because getdents takes an already-open fd, and open is sandboxed.