Commit d3e4d7d4 authored by Daan Sprenkels's avatar Daan Sprenkels

readme: Add a note about sandbox security; NFC

parent 5f43c291
Pipeline #46329 passed with stage
in 2 minutes and 55 seconds
......@@ -26,6 +26,17 @@ cargo uninstall maruska
Cargo currently has no support for "regular" upgrading of installed packages.
You can force a reinstall, however, using:
## Security
A user running maruska can request the help screen. `man` will use the system
preferred pager program (set by `$PAGER` and `$MANPAGER`). If this is set to
`less`, the user can execute any command by default.
If you intend to sandbox this program, to allow usage for anonymous users, make
sure that you _completely_ sandbox the process tree and file system. The user
can run arbitrary code through the maruska process, and maruska is not designed
to provide any security to prevent this.
```shell
cargo install --force --git https://gitlab.science.ru.nl/dsprenkels/maruska.git
```
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment