Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You don't have to spin up a VM per user to sandbox on Linux. You could use firejail. But traditional UNIX user sandboxing could also go a long way.

I'm just saying that I would never trust nethack to not execute arbitrary code and I would have other security measures in place if my threat model required it. It's written in C. I don't expect most contributors to be security focuesed. The primary use is a user running it on their own machine, which is a completely different threat model.



You both don't need to be condescending morons ("Windows-centric security", "It's written in C") on such a minor issue.


Treating multi-user separation as unimportant or unworthy of consideration is a Windows-centric view. It's common, just as Windows is common,


>It's written in C

I find it hard to believe that the rest of your network stack isn't.

The threat model point is very valid, and a big issue with gaming servers in general.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: