mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-21 18:10:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve pledge() and unveil() further

Browse source 
- Fix getpriority()
- Add AT_MINSIGSTKSZ
- Fix bugs in BPF code
- Show more stuff in printargs.com
- Write manual test for pledge.com
- pledge() now generates tinier BPF code
- Have pledge("exec") only enable execve()
- Fix pledge.com chroot setuid functionality
- Improve pledge.com unveiling of ape loader
This commit is contained in:
Justine Tunney 2022-07-24 02:56:03 -07:00
parent 31ac58a57b
commit f968e2a726
17 changed files with 722 additions and 412 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tool/net/help.txt
View file

@ -3930,12 +3930,13 @@ UNIX MODULE
exec
Allows execve, access, faccessat, openat(O_RDONLY).
Allows execve.
If the executable in question needs a loader, then you may need
"prot_exec" too. With APE, security will be stronger if you
If the executable in question needs a loader, then you will need
"rpath prot_exec" too. With APE, security is strongest when you
assimilate your binaries beforehand, using the --assimilate flag,
or the o//tool/build/assimilate.com program.
or the o//tool/build/assimilate.com program. On OpenBSD this is
mandatory.
prot_exec