From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=0.3 required=5.0 tests=DMARC_NONE,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RDNS_DYNAMIC autolearn=no autolearn_force=no version=4.0.0 Received: from pd4mo2so.prod.shaw.ca (h24-71-223-10.cg.shawcable.net [24.71.223.10]) by chiba.3jane.net (Postfix) with ESMTP id 95E3A1A401 for ; Tue, 11 Dec 2001 12:00:42 -0600 (CST) Received: from pd5mr2so.prod.shaw.ca (pd5mr2so-qfe3.prod.shaw.ca [10.0.141.233]) by l-daemon (iPlanet Messaging Server 5.0 Patch 2 (built Dec 14 2000)) with ESMTP id <0GO6005NQY1E38@l-daemon> for gentoo-dev@gentoo.org; Tue, 11 Dec 2001 11:00:50 -0700 (MST) Received: from pn2ml7so (pn2ml7so-qfe0.prod.shaw.ca [10.0.121.151]) by l-daemon (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GO600KQJY1E3V@l-daemon> for gentoo-dev@gentoo.org; Tue, 11 Dec 2001 11:00:50 -0700 (MST) Received: from shaw.ca ([24.68.91.28]) by l-daemon (iPlanet Messaging Server 5.0 Patch 2 (built Dec 14 2000)) with ESMTP id <0GO6009H1Y1ELJ@l-daemon> for gentoo-dev@gentoo.org; Tue, 11 Dec 2001 11:00:50 -0700 (MST) Date: Tue, 11 Dec 2001 10:04:26 -0800 From: Zach Forrest Subject: Re: [gentoo-dev] Sandbox suggestion To: gentoo-dev@gentoo.org Message-id: <3C164AAA.3010007@shaw.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011130 References: <3C15CC48.7080904@theleaf.be> Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: gentoo-dev@gentoo.org List-Help: List-Post: List-Subscribe: , List-Id: Developer discussion list List-Unsubscribe: , List-Archive: X-Archives-Salt: 7e13fe42-3a37-4911-9ffc-074fb39d2815 X-Archives-Hash: 51f7cd81de24e454811cd00a4980bda8 What about installing dyn-bash into something like /usr/lib/sandbox/bin/bash, and then pre-pending this to $PATH before beginning and restoring the original $PATH afterwards? Zach Joshua Pollak wrote: > On Tuesday 11 December 2001 4:05, you wrote: > >>Because then any script that refers to /bin/bash during the installation >>process uses the static bash, while the purpose is this the dynamic bash >>is used. Of course all the scripts could be patched, but then the use of >>the sandbox gets quite a bit devaluated. >> > > Fair enough. > > >>Joshua Pollak wrote: >> >>>Hi, >>> >>>Just wondering, but I had a suggestion for the dynamic bash ebuild: Rather >>>than replacing the static bash and moving the static bash to /bin/sbash >>>(shouldn't that be /sbin/sbash?) anyway, why not just install the new >>>shell to /bin/dyn-bash or dbash or something, and make the sandbox >>>scripts call everything via that shell? >>> >>>I'm not sure if that's technically possible or not, but it seemed like it >>>would make a lot of things simpler, and reduce the risk of sysadmins >>>messing something up. >>>_______________________________________________ >>>gentoo-dev mailing list >>>gentoo-dev@gentoo.org >>>http://lists.gentoo.org/mailman/listinfo/gentoo-dev >>> >>_______________________________________________ >>gentoo-dev mailing list >>gentoo-dev@gentoo.org >>http://lists.gentoo.org/mailman/listinfo/gentoo-dev >> > _______________________________________________ > gentoo-dev mailing list > gentoo-dev@gentoo.org > http://lists.gentoo.org/mailman/listinfo/gentoo-dev > >