PaperCutSoftware/GhostTrap
1
0
Fork 0
mirror of https://github.com/PaperCutSoftware/GhostTrap.git synced 2025-12-10 00:31:35 -06:00
Code Issues Packages Projects Releases Wiki Activity

Readme update

Browse Source 
- reference to what else the sandbox restricts.
This commit is contained in:
Chris Dance 2013-04-03 13:19:33 +12:00
parent 3a26e852b0
commit 202c2b03bc
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -78,9 +78,9 @@ with the following known exceptions:
##How it works
```gswin32c-trapped.exe``` first determines a whitelist of resources required to perform the conversion. It then
execs a child process within a sandbox to perform the task. The whitelist of resources is dynamically
constructed by determining the input file and output file/directory from the supplied command-line arguments.
The Ghostscript interpreter code may only access:
execs a child process within a strongly contained sandbox to perform the task. The whitelist of allowed resources
is dynamically constructed by determining the input file and output file/directory from the supplied
command-line arguments. The Ghostscript interpreter's access rights is restricted and it may only access:
* Read only access to the Windows Fonts directory.
* Read only access to application-level registry keys (HKLM\Software\GPL Ghostscript).
@ -89,6 +89,9 @@ The Ghostscript interpreter code may only access:
* Write access to the user-level Temp directory.
* Write access to the output directory (OutputFile).
The sandbox also constrains the execution process on an isolated desktop session to prevent
[shatter attacks](http://en.wikipedia.org/wiki/Shatter_attack") and limits IPC and other potential
escape vectors.
##Release History