ASLR and PIE disabled by default

PeerCorps Trust Fund ipc at
Mon Apr 3 21:07:23 PDT 2017

On 04/04/2017 02:39 AM, Matthew Dillon wrote:
> All I want is a way to run a program with a security wrapper that simply
> indicates which files and directories (or directory trees) can be accessed
> or written to, and some simple resource and network port restrictions, laid
> out in a text file, and have exec*() take care of everything.  I don't want
> to have to construct a jail for everything, I don't want to have fine
> control over descriptor passing...   I don't want to have to modify the
> program to make it more secure.   I just want a simple 'here are the files
> and directories this program can access', 'here are the network ports this
> program can listen on', 'here is what the program can connect to', 'here
> are some basic resource restrictions so the program can't crash the machine
> or DOS it', ... and that's pretty much it.
> People literally create whole virtual systems JUST to do that.
> -Matt

This sounds a bit like OpenBSD's pledge

More information about the Users mailing list