Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
> In my use-case, the program’s correct functionality is less
> important than ensuring that the program cannot break out.

Astounding. It's like you don't see correct execution environment for a program as THE foundational aspect of security; while at the same time this rests on the assumption tha

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Demi M. Obenour
On 2020-09-22 10:58, Theo de Raadt wrote:
>> I actually agree with this. Designing a program with pledge in
>> mind is always better. However, that requires that the program be
>> trusted, and there still may be some corner cases in which I can
>> tighten down the pledge more than the program its

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
> My primary use-case is that I would like to port a Linux web app
> (the Rust Playground) to OpenBSD. The Rust Playground allows
> users to supply arbitrary source code, which is then compiled
> and executed. I have no control over the contents of said code,
> so I have no way to ensure that these pr

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Demi M. Obenour
On 2020-09-22 09:58, Ingo Schwarze wrote:
> Hi Demi,
>
> Demi M. Obenour wrote on Mon, Sep 21, 2020 at 12:51:34PM -0400:
>
>> The tool makes essential use of the execpromises argument
>> to pledge(2), so that it can sandbox the program it executes.
>
> This appears to conflict with the basic ide

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
> I actually agree with this. Designing a program with pledge in
> mind is always better. However, that requires that the program be
> trusted, and there still may be some corner cases in which I can
> tighten down the pledge more than the program itself can.

I disagree. I don't believe you can corr

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Demi M. Obenour
On 2020-09-22 10:10, Theo de Raadt wrote:
> I gotta comment..

Thank you for your feedback.

>>> The tool makes essential use of the execpromises argument
>>> to pledge(2), so that it can sandbox the program it executes.
>>
>> This appears to conflict with the basic idea of pledge(2), which
>> is f

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Theo de Raadt
I gotta comment..

>> The tool makes essential use of the execpromises argument
>> to pledge(2), so that it can sandbox the program it executes.
>
> This appears to conflict with the basic idea of pledge(2), which
> is for the *programmer* to first do simple preparatory work that
> requires full sysca

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-22 Thread Ingo Schwarze
Hi Demi,

Demi M. Obenour wrote on Mon, Sep 21, 2020 at 12:51:34PM -0400:
> The tool makes essential use of the execpromises argument
> to pledge(2), so that it can sandbox the program it executes.

This appears to conflict with the basic idea of pledge(2), which is for the *programmer* to first d

[ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-21 Thread Demi M. Obenour
Yesterday, I wrote an unprivileged sandboxing tool for OpenBSD, based on pledge(2) and unveil(2). I have included the complete C source code below, and also attached it in case this makes it easier to use. I called it pledge(1), but am open to suggestions for a better name. The tool makes essent

Re: [ANNOUNCE] pledge(1): an unprivileged sandboxing tool for OpenBSD

2020-09-21 Thread Demi M. Obenour
On 2020-09-21 12:51, Demi M. Obenour wrote:
> Yesterday, I wrote an unprivileged sandboxing tool for OpenBSD, based
> on pledge(2) and unveil(2). I have included the complete C source
> code below, and also attached it in case this makes it easier to use.

I just realized that I forgot to include