You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.
Because our library OS has its own virtualized uid and gid, it doesnt make whole lot of sense to propagate the result of chown/fchownat to the host. Supposedly a malicious program sets an executable with uid 0 or makes it a seteuid program, this can be a vulnerability for our sandboxing system.
On the other hand, neither uid nor gid is platform-independent. For instance, Windows doesn't use the uid/gid system like Linux/BSD. I suggest we approach this implementation with caution, and prioritize use cases that we actually care about.
That being said, is there a specific reason that you want to propagate chown/fchownat?
Our implementation of chown/fchownat don't do anything with uid, gid, and flags (fchownat).
The text was updated successfully, but these errors were encountered: