Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
README, SECURITY: Clarify that bubblewrap does not define a security …
…model bubblewrap can provide a robust security boundary that severely limits functionality, or it can provide full functionality without any attempt at being a security boundary, or anything in between those extremes. If a caller of bubblewrap chooses inappropriate command-line arguments for their desired security model, then bubblewrap will not provide the security model they are aiming for, but this is not a bubblewrap vulnerability. Apparently this isn't clear to everyone, so try to clarify. The one place where bubblewrap *does* define some sort of security policy for itself is when it's setuid root, in which case it's responsible for preventing users from carrying out privilege escalation attacks like CVE-2020-5291. Resolves: #555 Signed-off-by: Simon McVittie <[email protected]>
- Loading branch information