Hacker News
by Canada 3880 days ago
> pledge() appears to be voluntary.

As they've used it so far, it's not that voluntary for the user. When De Raadt says voluntary mitigations don't work, he's talking about mitigations that a sysadmin can easily disable via settings.

Unless developers build options to control it at runtime, then in practice pledge() is a lot less voluntary than SELinux, which has a knob to enable or disable system-wide.