kmk3
commented
2 months ago @NetSysFire
Disabled more things in the profile.
Does it still work with the changes?
Open NetSysFire opened 2 months ago
kmk3
commented
2 months ago @NetSysFire
Disabled more things in the profile.
Does it still work with the changes?
NetSysFire
commented
2 months ago This is a small python game that does not need any networking or even external access. I already thought what I did was already a bit overkill as my initial profile for this was even smaller. There is simply no attack surface to justify additional effort in my opinion.
kmk3
commented
2 months ago This is a small python game that does not need any networking or even external access. I already thought what I did was already a bit overkill as my initial profile for this was even smaller.
This idea seems backwards.
Why give a program more access than it needs, especially if the standard restrictions are unlikely to cause problems?
There is simply no attack surface to justify additional effort in my opinion.
What would be the additional effort? I mostly just added the rest of the common entries from profile.template.
Again, do the changes cause any breakage?
NetSysFire
commented
2 months ago I do not have any more motivation to test the new directives. I'd prefer to stick to the things I already tested.
Tested it myself of course. This is a small, python-based game which needs no network access and is generally quite frugal in terms of resources.
I would deem it fine if this is added to firecfg, as there are little to no configurable options and will work out of the box.