Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
wufocaculura
on April 2, 2024
|
parent
|
context
|
favorite
| on:
Timeline of the xz open source attack
There's a single dot in a line between #include <sys/prcntl.h> and void my_sandbox(void). It is easy to miss, but makes the compile to fail, thus resulting in HAVE_LINUX_LANDLOCK to be never enabled.
arrowsmith
on April 2, 2024
|
next
[–]
Can someone explain to n00bs like me: what's "landlock" anyway and why is it significant here?
Denvercoder9
on April 2, 2024
|
parent
|
next
[–]
It's a Linux Security Module that allows to sandbox processes:
https://docs.kernel.org/userspace-api/landlock.html
Thorrez
on April 2, 2024
|
prev
[–]
prctl, not prcntl
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
