To: gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-dev] Re: sandbox access violations while running matlab binary installer
Date: Thu, 3 Apr 2014 14:58:19 +0000 (UTC)

Kfir Lavi posted on Wed, 02 Apr 2014 13:38:47 +0300 as excerpted:

> What I don't understand is, why it needs to get write permissions to
> /etc/mtab ?

That is worrisome indeed, since /etc/mtab is now often a symlink to 
/proc/self/mounts (or to /proc/mounts, which in turn symlinks to 
/proc/self/mounts), which is kernel-enforced read-only.

Either way, attempts to write to the symlink target (/proc/self/mounts) 
*OR* to replace the symlink are worrisome, tho attempts to write the 
target only potentially disrupt the writer, while successfully replacing 
the symlink could leave a system and thus its sysadmin in a world of hurt.

Yet another lesson on the evils of proprietary/servantware code and the 
violation of the freedom of actual users to properly see what's going on 
and to fix it. <shrug>

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
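
The two outcomes the message distinguishes (a write to the read-only target versus a replaced symlink) can be told apart by recording what sits at /etc/mtab before and after an installer runs. The script below is an added example, not part of the original post; the function names are illustrative, and the relative link targets it accepts assume the link lives in /etc.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Classify what sits at an mtab path (default /etc/mtab) without following it.
mtab_state() {
    p=${1:-/etc/mtab}
    if [ -L "$p" ]; then
        case "$(readlink "$p")" in
            # Absolute targets named in the message, plus the relative
            # spelling (assumption: the link lives in /etc).
            /proc/self/mounts|/proc/mounts|../proc/self/mounts|../proc/mounts)
                echo kernel-symlink ;;
            *)  echo unexpected-symlink ;;
        esac
    elif [ -f "$p" ]; then
        echo regular-file      # a real file: writes to it would succeed
    elif [ -e "$p" ]; then
        echo other
    else
        echo missing
    fi
}

# One-line record of state and link target, for before/after comparison.
mtab_snapshot() {
    p=${1:-/etc/mtab}
    t=$(readlink "$p" 2>/dev/null) || t=-
    printf '%s %s\n' "$(mtab_state "$p")" "$t"
}

# Return 0 if two snapshots match, 1 if the path was altered in between.
mtab_unchanged() {
    [ "$1" = "$2" ]
}

# Stand-alone use: print the current state of the live path.
mtab_snapshot /etc/mtab
```

Take one snapshot before the installer runs and one after, then pass both to `mtab_unchanged`; a change from `kernel-symlink` to `regular-file` is the replaced-symlink case.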