Comments (6)
jparyani
commented on May 22, 2024
This is caused by the dovecot process leaving socket files under /var, and the zip command failing when it encounters them.
I'd rather fix this on Sandstorm's end, but I will also try and see if I can change dovecot to put these under /tmp.
from sandstorm.
CameronNemo
commented on May 22, 2024
@jparyani putting them in /tmp leaves huge vectors for security exploitation of Dovecot and/or leaked information from what feeds into Dovecot's socket.
from sandstorm.
kentonv
commented on May 22, 2024
@CameronNemo - How so? Under Sandstorm, every app sees a unique /tmp which is not visible to anyone else.
from sandstorm.
CameronNemo
commented on May 22, 2024
From attacks from within the app container. Unless there is only one process, or if they are all running under the same user. I am guessing it falls under the latter definition, so there is no actual risk?
from sandstorm.
kentonv
commented on May 22, 2024
Each container contains a single app instance owned by a single user. Our security model is based on every user having their own private instance of each app. So, I don't think there's a security issue here.
from sandstorm.
amluto
commented on May 22, 2024
FWIW, /run seems to be the new consensus place for things like this.
from sandstorm.
Related Issues (20)
- Error reinstalling sandstorm HOT 6
- Automatic Grain Backups HOT 1
- Etherpad grains not working after upgrade to 0.304 HOT 7
- Email delivery failure messages no such grain with email not configured HOT 12
- Scheduled Tasks view in Grain Settings appears broken HOT 3
- Installer and docs disagree on which port the incoming mail SMTP service lives on HOT 5
- Can't turn off app updates in App Sources panel HOT 3
- Building Sandstorm in a Debian Bullseye VM fails due to old golang-go version HOT 4
- "App market" shortcut leads to invalid URL HOT 2
- 404 on token setup page HOT 2
- Anything important worth saving at Google Groups? HOT 4
- able to Install Apps from https://apps.sandstorm.io/ But Grains were loading for ever HOT 22
- Perfect Configuration in Nginx for Sandstorm *.Wildcard Setup HOT 3
- docker compose unshare(CLONE_NEWPID) HOT 4
- Lengthy Powerbox requests cannot be read in full
- Failed to renew Let's Encrypt certificate HOT 12
- sandstorm.conf for non-standard TLD? HOT 6
- I used HTTPS-verified install, But open site ,it is blank? HOT 3
- Upgrade Meteor Testapp to Meteor 3.0 (Beta) HOT 7
- Preventing access to client local network? HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sandstorm.