aursec-hash: Find the optimal firejail ruleset

clawoflight / aursec

Blockchain-based security layer for the AUR

Mozilla Public License 2.0

16 stars 2 forks source link

aursec-hash: Find the optimal firejail ruleset #20

Closed clawoflight closed 7 years ago

clawoflight commented 7 years ago

We need to minimize the danger of sourcing the PKGBUILD. That means that we need to triple-check the firejail rules and actively try to break out until we are satisfied.

clawoflight commented 7 years ago

This is much easier since I added 713c762 :)

Lifree commented 7 years ago

can this be closed by https://github.com/clawoflight/aursec/commit/bbf247d3e2d4b6aaa34876a588f55a3cf237fd4e ?

clawoflight commented 7 years ago

I would say no, because there might be even more things to protect against. Now that the tests work, the fun part of pentesting can begin :D

clawoflight commented 7 years ago

Some more ideas:

[ ] Make sure that cloning vcs sources works, but limit other network traffic