How would you give up the ability to execute another program?
Say I have a misc program that has some network connection or otherwise handles tainted input data. An unprivileged user starts and runs it. It does not need to do anything privileged, and does not use routines from libc that execute helper programs (this might change later). Something like an extern
Code:
#include <stdlib.h>
#include <unistd.h>

/* Interpose on libc's execve: any call that reaches this symbol aborts the process. */
int execve(const char *path, char *const argv[], char *const envp[]) { abort(); }
might catch some rare situations, but not the more likely machine level exploits.
I would not like to use chrooting or jailing, as they require (?) root while initializing. Intent is to give up powers, not to escalate. OpenBSD has pledge, which sounds like it would fit the bill.
Juha