Take steps to prevent file access from Sandbox #22
Assignees
Labels
enhancement
New feature or request
Comments
I-Al-Istannen
added a commit
to I-Al-Istannen/JShellBot
that referenced
this issue
Feb 16, 2019
The security manager incorrectly assumed executed methods were his and allowed unfiltered access
I-Al-Istannen
added a commit
to I-Al-Istannen/JShellBot
that referenced
this issue
Feb 16, 2019
|
Letting it run with reduced rights is still beneficial, but it can not prevent the bot from reading it's own token. Though adding a safeguard that blocks all executed code from reading a file in the bot directory would be possible. |
|
Leaving a note to close and split this into another issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Previous issue: #15
Seems like it's not enough.
I'd suggest running the app with a linux user that only has read/execute access to what it needs to.
The text was updated successfully, but these errors were encountered: