diff options
author | Drew DeVault <sir@cmpwn.com> | 2016-12-02 10:29:50 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-02 10:29:50 -0500 |
commit | c61746a15b78bcd22ca473345ff164ff2c9de973 (patch) | |
tree | 34d5d16ec773c124877d8255e22a8b20947ca438 | |
parent | Deal with LD_LIBRARY_PATH (diff) | |
download | sway-c61746a15b78bcd22ca473345ff164ff2c9de973.tar.gz sway-c61746a15b78bcd22ca473345ff164ff2c9de973.tar.zst sway-c61746a15b78bcd22ca473345ff164ff2c9de973.zip |
Soften up environment security
So no one gets their feewings hurt
-rw-r--r-- | sway/sway-security.7.txt | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index b6f18e80..ec11f10b 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt | |||
@@ -39,12 +39,9 @@ you choose to place it in other locations. | |||
39 | Environment security | 39 | Environment security |
40 | -------------------- | 40 | -------------------- |
41 | 41 | ||
42 | LD_PRELOAD is a mechanism designed by GNU for the purpose of ruining the security | 42 | LD_PRELOAD is a mechanism designed to ruin the security of your system. There are |
43 | of your system. One of the many ways LD_PRELOAD kills security is by making | 43 | a number of strategies for dealing with this but they all suck a little. In order |
44 | Wayland keyloggers possible. | 44 | of most practical to least practical: |
45 | |||
46 | There are a number of strategies for dealing with this but they all suck a little. | ||
47 | In order of most practical to least practical: | ||
48 | 45 | ||
49 | 1. Only run important programs via exec. Sway's exec command will ensure that | 46 | 1. Only run important programs via exec. Sway's exec command will ensure that |
50 | LD_PRELOAD is unset when running programs. | 47 | LD_PRELOAD is unset when running programs. |
@@ -54,7 +51,7 @@ In order of most practical to least practical: | |||
54 | but this is the most effective solution. | 51 | but this is the most effective solution. |
55 | 52 | ||
56 | 3. Use static linking for important programs. Of course statically linked programs | 53 | 3. Use static linking for important programs. Of course statically linked programs |
57 | are unaffected by the security dumpster fire that is dynamic linking. | 54 | are unaffected by the dynamic linking security dumpster fire. |
58 | 55 | ||
59 | Note that should you choose method 1, you MUST ensure that sway itself isn't | 56 | Note that should you choose method 1, you MUST ensure that sway itself isn't |
60 | compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting | 57 | compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting |