by trasz2 1284 days ago
Isn’t pledge(2) trivially easy to escape anymore? This used to be one of the differences compared to e.g. capsicum(2).
3 comments

Is pledge easy to escape? Can you give some examples?
For a while you could just execute another binary; it would run without the restrictions imposed on the (pledged) parent. This is a stark contrast to Capsicum, where the monotonicity (i.e. the fact that once you lose the permission to something you'll never ever get it back, unless being explicitly passed it again) is one of the fundamental assumptions behind the design.
No, not really.
pledge(2) aborts.
And? How’s that relevant?
man 3p pledge, try escaping it with a simple Perl script.
In other words you don't know what you're talking about, otherwise you would be able to answer a simple question.