undefined | Better HN

0 pointsxign2y ago0 comments

Those are two separate things though. C is more vulnerable than Rust, but either way we should properly sandbox our applications even if they are written in a memory-safe language like Rust (which is not infallable, it's just safer).

One issue is if cURL is allowed to write to "one or more files", then how do you prevent it from writing to a key configuration file or sensitive one that has a lot of downstream effect or write a Bash script that could launch further attacks?

0 comments

73737373732y ago

This really calls for a new type of shell that allows one to pass file descriptors/capabilities as arguments

j / k navigate · click thread line to collapse

0 pointsxign2y ago0 comments

0 comments

73737373732y ago

This really calls for a new type of shell that allows one to pass file descriptors/capabilities as arguments

j / k navigate · click thread line to collapse