alt Hacker NewsYour "evidence" for him to reconsider is a sandbox "bypass" that requires you to be root to set up the environment?
For my next trick I will demonstrate how to break into my own house to open the blinds by using my keys.
Security researcher theatrics will never not be funny.
Replies
The parents tone wasn't warranted, but bugs like this could be more serious if combined with privilege escalation bugs in the sandbox.
Ideally, sandboxes should be like Vegas - what happens in the sandbox stays in the sandbox.
(I'm just speaking hypothetically here, I'm not knowledgeable about OpenBSD or it's sandboxes)
>Your "evidence" for him to reconsider is a sandbox "bypass" that requires you to be root to set up the environment
Can you help figure out where does it say unveil does not really work when root is involved?
Maybe I'm misunderstanding the video, but it looks to me as if the situation is:
You are root inside a sandbox. As root-in-the-sandbox, you create a symlink and this gives you the ability to escape the sandbox.
(Whether this is interesting or not depends on whether anyone actually tries to use the sandbox facility in such a way as to give root-in-the-sandbox privileges to untrusted people or code. I don't know enough about OpenBSD to answer that.)