pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/containers/bubblewrap/pull/391

60.css" /> Only verify MAX_ARG limit when running privileged. by brown · Pull Request #391 · containers/bubblewrap · GitHub
Skip to content

Comments

Only verify MAX_ARG limit when running privileged.#391

Open
brown wants to merge 1 commit intocontainers:mainfrom
brown:max-arg-only-if-privileged
Open

Only verify MAX_ARG limit when running privileged.#391
brown wants to merge 1 commit intocontainers:mainfrom
brown:max-arg-only-if-privileged

Conversation

@brown
Copy link

@brown brown commented Sep 21, 2020

I've hit the MAX_ARG limit. There doesn't seem to be any reason for it when bwrap is unprivileged.

@rh-atomic-bot
Copy link

rh-atomic-bot commented Sep 21, 2020

Can one of the admins verify this patch?
I understand the following commands:

  • bot, add author to whitelist
  • bot, test pull request
  • bot, test pull request once

@charmander
Copy link

charmander commented Sep 30, 2020

I don’t see why the reason for the hardening would only apply to privileged bwrap.

@L-as
Copy link

L-as commented Dec 25, 2020

I don’t see why the reason for the hardening would only apply to privileged bwrap.

If bubblewrap has no special permissions compared to the process executing it, then it makes no sense since the process could just do what the unprivileged bubblewrap would do if it disregarded the limit.

@charmander
Copy link

charmander commented Dec 26, 2020

What if the data bubblewrap is parsing is the problem (i.e. untrusted), not the program passing it through?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@brown @rh-atomic-bot @charmander @L-as
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy