by caf 3879 days ago
You don't even have to copy the filenames around and mess with changing page permissions - simply doing:

  static const char * const dev_null = "/dev/null";

and then whitelisting the pointer dev_null is sufficient, because string literals are stored in the text section which is mapped read-only.

That only works if you've locked down mprotect, mmap, and munmap.
Yes, the parent covered that.