by yakubin
1318 days ago
The visions of capsicum and OpenBSD’s pledge and unveil are wildly different. Capsicum is designed with the assumption that you may want to use it for sandboxing untrusted programs. OpenBSD’s pledge and unveil assume the program is benevolent, but may be buggy, such as httpd which could receive specially constructed input over the network, manipulating httpd into giving a root shell. Pledge and unveil restrictions are not inherited across exec syscalls, so you cannot write a utility which would run a third-party program with restricted privileges. Of course it also means that benevolent programs, which weren’t written specifically with OpenBSD in mind, aren’t protected. So e.g. I’d feel more comfortable running cgit in a FreeBSD jail than on OpenBSD trying to cobble something together with just chroot. Linux landlock is modelled after pledge and unveil as far as I know.