| 20 Feb 2023 |
 @janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org
oh but I guess isn't there a C version of makeWrapper? makeBinaryWrapper | 09:10:12 |
| @janne.hess:helsinki-systems.de | In reply to @k900:0upti.me
I just don't get the threat model Neither do I but it seems like a interesting challenge | 09:10:26 |
 @elvishjerricco:matrix.org | I kind of get it | 09:10:42 |
| @janne.hess:helsinki-systems.de | In reply to @janne.hess:helsinki-systems.de
Neither do I but it seems like a interesting challenge I also told them having AppArmor everywhere would get you to a more secure system but who am I to judge | 09:11:03 |
| @elvishjerricco:matrix.org | The more turing complete parameters you include, the greater the fuckups | 09:11:05 |
| @elvishjerricco:matrix.org | but like the kernel already has turing complete shit with bpf or whatever it's called so you're already screwed | 09:11:37 |
| @janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org
but like the kernel already has turing complete shit with bpf or whatever it's called so you're already screwed Ah so you think they don't have a custom one with grsecurity? But yeah, it's hard to defend this measure | 09:12:31 |
| @elvishjerricco:matrix.org | I mean I think it's an entirely reasonable thing to want | 09:12:55 |
| @janne.hess:helsinki-systems.de | Will try when I find time, probably just need to use makeBinaryWrapper and rewrite my shitty bash code to shitty c code | 09:13:10 |
| @elvishjerricco:matrix.org | I think it's ridiculous that the kernel allows turing complete logic from userspace | 09:13:11 |
| @elvishjerricco:matrix.org | zfs made a more egregious version of this mistake by including a Lua interpreter in kernel space | 09:13:32 |
| @elvishjerricco:matrix.org | like... please don't do that | 09:13:42 |
| @janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org
zfs made a more egregious version of this mistake by including a Lua interpreter in kernel space I mean … still better than a fully ruby env? | 09:13:59 |
| @elvishjerricco:matrix.org | Oh no is there ruby in the kernel?? | 09:14:27 |
| @janne.hess:helsinki-systems.de | No, that's the point. Rather have lua than ruby | 09:14:41 |
| @elvishjerricco:matrix.org | ah lol fair enough | 09:14:50 |
| @janne.hess:helsinki-systems.de | Or just go the way of anti-cheat on windows and open an unauthenticated pipe and execute whatever comes out of it 🎉 | 09:15:02 |
| @janne.hess:helsinki-systems.de | * Or just go the way of anti-cheat on windows and open an unauthenticated pipe and execute whatever comes out of it in the kernel 🎉 | 09:15:11 |
