On 2023-10-16 09:33, Alejandro Colomar wrote:
Hi Siddhesh,
On Mon, Oct 16, 2023 at 09:28:39AM -0400, Siddhesh Poyarekar wrote:
Should we maybe keep this example, and suggest using it with sandboxing?
Or is it not useful anymore?
I don't see the point TBH.
The point was to add another layer of security, in case the sanboxing is
not perfect.
I wouldn't mind if that example was replaced
with lddtree as the alternative since it is functionally equivalent. However
it would be a safer recommendation to put that too inside a sandbox because
IMO you'd generally never want to run or even analyze arbitrary executables
without proper sandboxing.
Sure, I didn't know about lddtree. Feel free to use it.
Mike, could you please post a patch replacing the objdump example with
lddtree and recommending sandboxing?
Thanks,
Sid