Justin Handville <nanol...@gmail.com> wrote:

> > pledge does not drop access to system calls.  It blocks the *action*
> > of it, inside the kernel.  You are muddling things together far too much.
> 
> That's a matter of semantics. The point is that pledge reduces attack surface
> by reducing what a program is capable of doing at the system level. Dropping
> code segments is just another mitigation.

It is not.  A ROP attacker will still find gadgets they want to use in
the huge % of your text segment that remains.

> > You will need to argue that I am wrong before you go any further.
> 
> It doesn't matter. I'm not interested in a debate.

Nor am I.