Comment by inigyou
6 hours ago
Well yeah, that's true for any sandbox. If you pipe stuff outside of the sandbox, outside of any sandbox, and run it there, then you're not running it in a sandbox.
6 hours ago
Well yeah, that's true for any sandbox. If you pipe stuff outside of the sandbox, outside of any sandbox, and run it there, then you're not running it in a sandbox.
Right, but nobody actually uses curl as the end destination, right? You use it to download something so that you can run another tool on it.
And as such, you need to already be sandboxing the tool (since it processes untrusted data you received over the internet).