aursec-hash: Find the optimal firejail ruleset

Question

aursec-hash: Find the optimal firejail ruleset

clawoflight opened this issue 8 years ago · 4 comments

We need to minimize the danger of sourcing the PKGBUILD.
That means that we need to triple-check the firejail rules and actively try to break out until we are satisfied.

Answer 1 · 2016-12-05T14:44:37.000Z

This is much easier since I added 713c762 :)

Answer 2 · 2016-12-07T09:01:15.000Z

can this be closed by bbf247d ?

Answer 3 · 2016-12-07T09:21:11.000Z

I would say no, because there might be even more things to protect against.
Now that the tests work, the fun part of pentesting can begin :D

Answer 4 · 2016-12-07T09:30:06.000Z

Some more ideas:

Make sure that cloning vcs sources works, but limit other network traffic