Skip to content

Commit

Permalink
fix: doc
Browse files Browse the repository at this point in the history
  • Loading branch information
gotlougit committed Sep 17, 2023
1 parent 4d2a722 commit dec9ac2
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/builtins/danger_zone.rs
Original file line number Diff line number Diff line change
Expand Up @@ -126,8 +126,14 @@ impl RuleSet for ForkAndExec {
}
}

/// [`Pipes`] is in the danger zone because it can be used to send input to another process. That process will still be under seccomp's restrictions (see
/// [`Pipes`] is in the danger zone because it can be used create a pipe for IPC.
/// That process will still be under seccomp's restrictions (see
/// `tests/inherit_filters.rs`) but depending on your filter it could still do bad things.
///
/// # Security Considerations
///
/// An attacker could pipe arbitrary data to a vulnerable utility and attempt
/// to escape the sandbox.
pub struct Pipes;
impl RuleSet for Pipes {
fn simple_rules(&self) -> Vec<Sysno> {
Expand Down

0 comments on commit dec9ac2

Please sign in to comment.