by ycmbntrthrwaway 3723 days ago
> this will just slightly raise the bar so that attackers who get code execution have to force a call to execve

In most cases your program doesn't need execve, so it can call pledge without the "exec" promise.

Sometimes you will still be able to open some shell script and add your commands there or something like this, but without the "wpath" promise it is impossible.
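An added example, not part of the comment above: a C check that forks a child, has it call pledge(2) with a given promise string, and reports whether the kernel killed it for attempting execve or a write-mode open. The function name `blocked_after_pledge`, the path `/tmp/pledge-demo.sh` and the use of `/usr/bin/true` are assumptions made for illustration; on systems other than OpenBSD the function is a stub that returns -1.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { TRY_EXEC, TRY_WRITE };

/* 1: child killed for a pledge violation (SIGABRT), 0: action was
 * permitted, -1: error, or no pledge(2) on this OS. */
int blocked_after_pledge(const char *promises, int action)
{
#ifdef __OpenBSD__
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (pledge(promises, NULL) == -1)
            _exit(2);                      /* bad promise string */
        if (action == TRY_EXEC) {
            char *argv[] = { "true", NULL }, *envp[] = { NULL };
            execve("/usr/bin/true", argv, envp);   /* needs "exec" */
        } else {
            /* constructed path; opening for write needs "wpath" */
            int fd = open("/tmp/pledge-demo.sh", O_WRONLY | O_APPEND);
            if (fd >= 0)
                close(fd);
        }
        _exit(0);                          /* reached only if permitted */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
#else
    (void)promises; (void)action;
    return -1;                             /* stub: pledge(2) is OpenBSD-only */
#endif
}

int main(void)
{
    printf("execve blocked without exec: %d\n", blocked_after_pledge("stdio rpath", TRY_EXEC));
    printf("write blocked without wpath: %d\n", blocked_after_pledge("stdio rpath", TRY_WRITE));
    printf("execve blocked with exec:    %d\n", blocked_after_pledge("stdio rpath exec", TRY_EXEC));
    return 0;
}
```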