undefined | Better HN

0 pointsvanviegen5y ago0 comments

I imagine this could be done by actually running the script in some sort of sandbox, having file changes written to overlayfs at first.

This would still allow the script to steal data though, as installer script generally require internet access.

0 comments

4 comments · 2 top-level

dwohnitmok5y ago· 2 in thread

This would still be defeated by any script that is nondeterministic which is a real possibility if you're trying to defend against malicious scripts or against very poorly written scripts.

vanviegenOP5y ago

You wouldn't need to run the script twice. Just apply the file modifications when the user okays them.

joosters5y ago

But the modifications might not be valid in the real system. For example, imagine a script that adds a new user to the system: in the container, it picks a new user ID that is free. A diff of the filesystem will show a new line being added to /etc/passwd - seems OK, right? But the user ID picked might clash with one on the real system, causing everything to fail when you apply the change.

1 more reply

mlyle5y ago

Sandboxing is plausible. Statically analyzing for potential changes a priori not so much.

j / k navigate · click thread line to collapse