ASLR and PIE disabled by default
PeerCorps Trust Fund
ipc at peercorpstrust.org
Mon Apr 3 21:07:23 PDT 2017
On 04/04/2017 02:39 AM, Matthew Dillon wrote:
>
> All I want is a way to run a program with a security wrapper that simply
> indicates which files and directories (or directory trees) can be accessed
> or written to, and some simple resource and network port restrictions, laid
> out in a text file, and have exec*() take care of everything. I don't want
> to have to construct a jail for everything, I don't want to have fine
> control over descriptor passing... I don't want to have to modify the
> program to make it more secure. I just want a simple 'here are the files
> and directories this program can access', 'here are the network ports this
> program can listen on', 'here is what the program can connect to', 'here
> are some basic resource restrictions so the program can't crash the machine
> or DOS it', ... and that's pretty much it.
>
> People literally create whole virtual systems JUST to do that.
>
> -Matt
>
>
This sounds a bit like OpenBSD's pledge: http://man.openbsd.org/pledge
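As an added illustration (not part of the original thread, and not OpenBSD project code), the program below shows what adopting pledge(2) looks like in practice. pledge() takes a space-separated list of "promises" naming syscall classes ("stdio", "rpath", "inet", ...); once a process has pledged, any syscall outside the promised classes terminates it with SIGABRT, and a later pledge() call can only narrow the set, never widen it. The file name, the count_lines helper and the two-stage narrowing are constructed for this example. The program assumes OpenBSD (pledge() is declared in <unistd.h>; the two-argument form shown is the one current since OpenBSD 6.3, earlier releases required the second argument to be NULL, which this code also satisfies). On any other system the #else branch substitutes a no-op stub so the file still compiles, but then nothing is restricted.

```c
/* Constructed example: a read-only line counter that pledges away
 * everything it does not need. Not code from the thread or from OpenBSD. */
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* pledge(2) exists only on OpenBSD. Stub it so the file builds elsewhere;
 * on such systems the calls below restrict nothing. */
static int pledge(const char *promises, const char *execpromises) {
    (void)promises;
    (void)execpromises;
    return 0;
}
#endif

/* Count newline characters in a file. Requires only the "rpath" promise
 * (open for reading) plus "stdio". Returns -1 if the file cannot be opened. */
static long count_lines(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    long n = 0;
    int c;
    while ((c = fgetc(f)) != EOF)
        if (c == '\n')
            n++;
    fclose(f);
    return n;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }

    /* Stage 1: we still need to open one file for reading ("rpath") and
     * write to stdout/stderr ("stdio"). Nothing else is promised: no
     * sockets ("inet"/"unix"), no file writes ("wpath"/"cpath"), no exec. */
    if (pledge("stdio rpath", NULL) == -1) {
        perror("pledge");
        return 1;
    }

    long n = count_lines(argv[1]);
    if (n < 0) {
        perror(argv[1]);
        return 1;
    }

    /* Stage 2: the file is closed, so drop "rpath" too. Promises can only
     * shrink, so a bug after this point cannot open files even on purpose. */
    if (pledge("stdio", NULL) == -1) {
        perror("pledge");
        return 1;
    }

    printf("%ld lines\n", n);

    /* On OpenBSD, each of these would now abort the process:
     *   fopen(argv[1], "r")        -> "rpath" was dropped in stage 2
     *   socket(AF_INET, ...)       -> "inet" was never promised
     *   execve("/bin/sh", ...)     -> "exec" was never promised
     */
    return 0;
}
```

Two caveats follow directly from the quoted wish list. First, pledge() works at the level of syscall classes: "rpath" means "may open files for reading", not "may open these specific files", and "inet" means "may use IPv4/IPv6 sockets", not "may listen on port 8080". It therefore does not by itself express the "here are the files and directories", "here are the ports" lists described above (per-path restriction on OpenBSD came later with unveil(2), in 6.4 in 2018). Second, pledge() is called from inside the program, so it does require modifying the program, which is exactly what the quoted message says it does not want; an exec-time wrapper driven by a text file would have to be built on top of a mechanism like this rather than being this.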