-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
main focus of project? #35
Comments
isolation is why orjail is born in the first place. (quoting README.md :
a long-term project would be to rewrite it in C, it will make it a bit more serious. |
Sounds great! Which advantages a rewrite in C bring? Could you interface with linux namespaces natively, without calling external binaries such as |
|
lesion:
> Which advantages a rewrite in C bring?
I think the surface attack is smaller (imho):
- let's say an attacker could change your environment before running orjail: using bash it takes total control (e.g. could change $PATH order and create an iptables wrapper, in C you would use libiptc)
I guess an attacker who can change the environment has already
compromised the system and can do worse stuff anyhow?
|
Why not rewrite in Go? Or Rust? |
Rust +1 |
I am wondering what is the main focus of your project?
a) Adding torification to applications which don't come with native torification or
b) better guaranteed torification (absence of leaks going through clearnet) by launching applications isolated in Linux network namespaces?
The text was updated successfully, but these errors were encountered: