Summary: | <=sys-apps/sandbox-1.2.18.1-r3: bypass | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexander Hesse <webmaster> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED INVALID | ||||||
Severity: | normal | CC: | oli.huber | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Alexander Hesse
2008-09-06 22:53:35 UTC
Created attachment 164760 [details]
example ebuild
I fail to see how that is a security issue. ebuilds have non-sandboxed phases running anyway (pkg_*), and makefiles and ebuilds must be considered trusted input. There is no trust boundaries crossed here, sandboxing is not meant to be a security measure. Please reopen if you disagree and reply with a more verbose reasoning. |