Hacker News
by zokier 3501 days ago
> As far as I can see, we could do the same to system calls: if an executable can enumerate all the system calls it needs, we can compile a kernel that will accept only these system calls, which should be a small subset of all available Linux syscalls.

That is what pledge essentially does at runtime.

http://man.openbsd.org/pledge