During the build of autogen it modified /dev/null permissions. Sandbox kept silent, but it should prohibit chmod/chown and other modifications in /dev/.
That's because there is an explicit grant to write to a few device nodes; otherwise simple things like `laksdjfasdf >& /dev/null` wouldn't work. There is no concept in sandbox of "allow only open(write)": either full access to a path is granted, or no access is granted. A new class will have to be drawn up; I'm not going to special-case arbitrary paths. Although, I'm not entirely sure it would completely solve the issue. Sandbox operates on boundary functions, e.g. open(), unlink(), chown(), etc. Once an app has access to an fd, it can do whatever it wants. Sandbox does not check functions that operate on fds, since there has been no need in the past. Sandbox will not catch fchown(open(/dev/null, O_RDWR), ...), nor do I think it should.
Thank you for the explanation, Mike.

(In reply to comment #1)
> sandbox will not catch fchown(open(/dev/null, O_RDWR), ...), nor do i think it
> should.

Inappropriate permissions on /dev/null could make the system inaccessible through ssh. Also, this makes packages fail to build. So although I see that this may be tricky to do and not easy to maintain, this is useful to enhance protection. ... Future GSoC idea? :)
Semi-related, so linking together for useful tracking rather than an actual "depend".
The purpose of sandbox is to catch the most common mistakes, not to provide ultimate security against deliberate stupidity. I don't think such a feature is really worth the effort, and there has been no progress for over 7 years.