From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: sandbox access violations while running matlab binary installer
Date: Thu, 3 Apr 2014 14:58:19 +0000 (UTC)

Kfir Lavi posted on Wed, 02 Apr 2014 13:38:47 +0300 as excerpted:

> What I don't understand is, why it needs to get write permissions to
> /etc/mtab ?

That is worrisome indeed, since /etc/mtab is now often a symlink to
/proc/self/mounts (or to /proc/mounts, which in turn symlinks to
/proc/self/mounts), which is kernel-enforced read-only.

Either way, attempts to write to the symlink target (/proc/self/mounts)
*OR* to replace the symlink are worrisome, tho attempts to write the
target only potentially disrupt the writer, while successfully replacing
the symlink could leave a system and thus its sysadmin in a world of hurt.

Yet another lesson on the evils of proprietary/servantware code and the
violation of the freedom of actual users to properly see what's going on
and to fix it. <shrug>

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
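
The distinction drawn in the message above (a write to the /proc target versus replacement of the /etc/mtab symlink itself) can be checked by recording what the path is before and after an installer runs. The script below is an added example, not part of the original post or of Portage's sandbox; the function names `mtab_state` and `mtab_fingerprint` are hypothetical, and the relative `../proc/...` targets assume the link lives one directory below `/`, as /etc/mtab does.

```shell
#!/bin/sh
# Added example (not from the thread): report what an mtab path currently is,
# so the state can be compared before and after running an untrusted installer.

# mtab_state PATH -> prints one of:
#   proc-symlink   symlink whose target is the kernel mount table under /proc
#   other-symlink  symlink pointing anywhere else
#   regular-file   a real file (legacy layout, or the symlink was replaced)
#   other          exists but is neither (directory, device, ...)
#   missing        nothing at PATH
mtab_state() {
    if [ -L "$1" ]; then
        # Relative targets are an assumption: they only resolve to /proc
        # when PATH sits one level below /, like /etc/mtab.
        case $(readlink "$1") in
            /proc/self/mounts|/proc/mounts|../proc/self/mounts|../proc/mounts)
                echo proc-symlink ;;
            *)  echo other-symlink ;;
        esac
    elif [ -f "$1" ]; then
        echo regular-file
    elif [ -e "$1" ]; then
        echo other
    else
        echo missing
    fi
}

# mtab_fingerprint PATH -> "STATE TARGET INODE"; any change between two runs
# means the path itself was rewritten or replaced.
mtab_fingerprint() {
    state=$(mtab_state "$1")
    target=-
    inode=-
    [ -L "$1" ] && target=$(readlink "$1")
    if [ "$state" != missing ]; then
        # ls -d reports the link's own inode, not the target's.
        inode=$(ls -di "$1" | awk '{print $1}')
    fi
    echo "$state $target $inode"
}

# Default to the path discussed in the thread when run directly.
mtab_fingerprint "${1:-/etc/mtab}"
```

Run it once before and once after the installer and compare the two output lines; a change from `proc-symlink` to `regular-file` is the replaced-symlink case described above.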