mirror of
https://github.com/swaywm/sway.git
synced 2024-11-29 19:31:29 +00:00
Soften up environment security
So no one gets their feewings hurt
This commit is contained in:
parent
a4e92ad272
commit
c61746a15b
|
@ -39,12 +39,9 @@ you choose to place it in other locations.
|
||||||
Environment security
|
Environment security
|
||||||
--------------------
|
--------------------
|
||||||
|
|
||||||
LD_PRELOAD is a mechanism designed by GNU for the purpose of ruining the security
|
LD_PRELOAD is a mechanism designed to ruin the security of your system. There are
|
||||||
of your system. One of the many ways LD_PRELOAD kills security is by making
|
a number of strategies for dealing with this but they all suck a little. In order
|
||||||
Wayland keyloggers possible.
|
of most practical to least practical:
|
||||||
|
|
||||||
There are a number of strategies for dealing with this but they all suck a little.
|
|
||||||
In order of most practical to least practical:
|
|
||||||
|
|
||||||
1. Only run important programs via exec. Sway's exec command will ensure that
|
1. Only run important programs via exec. Sway's exec command will ensure that
|
||||||
LD_PRELOAD is unset when running programs.
|
LD_PRELOAD is unset when running programs.
|
||||||
|
@ -54,7 +51,7 @@ In order of most practical to least practical:
|
||||||
but this is the most effective solution.
|
but this is the most effective solution.
|
||||||
|
|
||||||
3. Use static linking for important programs. Of course statically linked programs
|
3. Use static linking for important programs. Of course statically linked programs
|
||||||
are unaffected by the security dumpster fire that is dynamic linking.
|
are unaffected by the dynamic linking security dumpster fire.
|
||||||
|
|
||||||
Note that should you choose method 1, you MUST ensure that sway itself isn't
|
Note that should you choose method 1, you MUST ensure that sway itself isn't
|
||||||
compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting
|
compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting
|
||||||
|
|
Loading…
Reference in a new issue