by galangalalgol 814 days ago
If systemd could deny liblzma any syscall or filesystem access, that would have prevented it. It is only used to compress a data stream; it only needs read access from one buffer, and write access to another. I realize there is no current mechanism for these granular permissions; that is what I was proposing be addressed.

We don't have the way to apply any restrictions on a per-library basis. This is generally quite difficult to do.
I know. That's what's missing from our current technology. I am honestly tired of everyone collectively pretending this is not a problem. Periodically we get very grim reminders that it's in fact a problem, everyone pretends to care for a month then it's all back to where it was.

It's depressing. (And no, this comment does not imply you are such. I am responding + ranting.)

I suspect most of your frustration comes from reading "we don't think this is a good place to spend our effort" as "there are no problems here".
Likely. Though people not seeing the problem is quite frustrating by itself.