Michał Kowalczyk

Results 169 comments of Michał Kowalczyk

I think we'll have to wait with implementing this until we rewrite IPC (#2107).

In general, I believe argv and envp sanitization can only be reasonably secure if done using whitelisting. And overall I'd discourage our users from sanitizing the arguments, they should rather...

> > And overall I'd discourage our users from sanitizing the arguments, they should rather just provide them from a trusted source (using protected argv).
> >
> > Sometimes there are...

Closing. IMO @boryspoplawski is right, seeking on directories doesn't make too much sense and the bugs related to this were a result of something else, as Borys noted.

I closed it because I thought your previous comment was based on a wrong assumption (that you can't read large directories without seeking), but if what you want is to...

> I believe we should implement a "God-like" option in Graphene to bind a single mount point to host's /

No, I don't think we should allow this, sounds like...

Yup, and the host can always duplicate an FD to create an illusion of separate descriptors which are in fact mapped to the same resource. It's just that our code...

Seems that PAL API doesn't even have a notion of shared memory? And I don't think it should, this concept is (I think) not compatible with the rest of this...