by jiveturkey 778 days ago
I'm not sure how it's relevant exactly to TFA. The mechanism of propagation is an existing feature of libdl that uses an environment variable. With this worm, the loader still runs exactly as before, from libc and libdl.

As to restricting syscalls from certain calling libraries, macOS has this via entitlements, and I believe OpenBSD and/or NetBSD has this in some form as well.
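A defender-side check for the propagation mechanism discussed above, added here as an example and not part of the thread: it assumes the loader environment variable in question is glibc's LD_PRELOAD (alongside LD_AUDIT and LD_LIBRARY_PATH) and that the host exposes Linux /proc; the sample environ blob in the comments is constructed.

```python
import os

# Loader variables that let an environment inject or redirect code in every
# dynamically linked program started from it (glibc names; assumption: the
# thread's "environment variable" is LD_PRELOAD).
PRELOAD_VARS = ("LD_PRELOAD", "LD_AUDIT", "LD_LIBRARY_PATH")
PRELOAD_FILE = "/etc/ld.so.preload"  # system-wide equivalent, needs no env var

def parse_environ(blob):
    """Parse the NUL-separated KEY=VALUE blob from /proc/<pid>/environ,
    e.g. the constructed b"PATH=/usr/bin\\0LD_PRELOAD=/tmp/x.so\\0"."""
    env = {}
    for entry in blob.split(b"\0"):
        if b"=" not in entry:
            continue  # trailing empty entry or malformed item
        key, _, value = entry.partition(b"=")
        env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def suspicious_loader_vars(env):
    """Return the loader variables set in env, each split into its library
    entries (ld.so accepts ':' or whitespace as separators)."""
    found = {}
    for name in PRELOAD_VARS:
        entries = env.get(name, "").replace(":", " ").split()
        if entries:
            found[name] = entries
    return found

def scan_proc(proc_root="/proc"):
    """Report every PID whose environ sets a loader variable. Processes we
    cannot read (other users' processes without root) are skipped."""
    hits = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "environ"), "rb") as fh:
                flagged = suspicious_loader_vars(parse_environ(fh.read()))
        except OSError:
            continue
        if flagged:
            hits[int(entry)] = flagged
    return hits

if __name__ == "__main__":
    for pid, flagged in sorted(scan_proc().items()):
        print(pid, flagged)
    if os.path.exists(PRELOAD_FILE):
        print("note:", PRELOAD_FILE, "exists; review its contents")
```

Run it as root to cover all processes; a hit is a starting point for review, since legitimate tooling (sanitizers, fakeroot) also sets these variables.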


Entitlements cannot protect against things in your own process. They are always used to gate clients either across a kernel-user or XPC boundary.
Isn't that exactly what the parent was asking for? Limiting syscalls.

EDIT: Oh, but not limited to the caller from a specific system library.