A recent article of the OpenBSD journal caught me attention: Pledge changes in 7.9-beta (archive.org mirror as it's currently offline). The quoted message starts with: Previously under certain promises it was possible to open certain files or devices even if the program didn't pledge "rpath" or "wpath". This behavior has gone away in 7.9-beta; libc uses the special __pledge_open(2) syscall which cannot be used outside of libc. So a new syscall, bypassing pledge/unveil, interesting. The "can...
No comments yet. Log in to reply on the Fediverse. Comments will appear here.