Re: curtain: WIP sandboxing mechanism with pledge()/unveil() support
Date: Thu, 31 Mar 2022 19:33:06 UTC
On Thu, 31 Mar 2022 at 06:25, David Chisnall <theraven@freebsd.org> wrote:
>
> Capsicum simply disallows '..' in paths.

This is no longer true as of 7359fdcf5ffa. During a lookup the kernel checks that each ".." component specifies a directory that has already been visited in this name lookup call.

> The execve hole is the reason that I have little interest in pledge as
> an enforcement mechanism.

Note that execve is only available if the "exec" keyword is specified. The child does not inherit the parent's limits, though.
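The ".." rule described in the reply, modelled in userspace as an added example. This is not FreeBSD's namei() code nor anything from the thread: it is a simplified, hypothetical resolver (`cap_resolve`, `resolves_to`, `escapes` are made-up names) that walks a path relative to a directory descriptor, treats the starting directory and every component pushed so far as "already visited", and rejects any ".." that would step to a directory not visited in this lookup, as well as absolute paths. Symbolic links are not modelled; the real kernel check works on the vnodes actually traversed, which this string-only model only approximates.

```c
#include <stdio.h>
#include <string.h>

/*
 * Model of Capsicum's ".." rule (not the kernel's real lookup code):
 * a ".." component is permitted only if it refers to a directory that
 * was visited earlier in this same lookup.  In this string model that
 * means ".." may only pop a component pushed earlier in the same path;
 * at depth 0 the only "visited" directory is the start dir, so a ".."
 * there would escape and is refused.  Symlinks are not modelled.
 */
#define MAX_DEPTH 64

/*
 * Resolve PATH relative to an (implicit) directory descriptor.
 * Returns 0 and writes the normalized relative path to OUT on success,
 * or -1 if the path is absolute or a ".." would leave the start dir
 * (the real kernel would fail with ENOTCAPABLE there).
 */
int cap_resolve(const char *path, char *out, size_t outlen)
{
	const char *comps[MAX_DEPTH];
	size_t lens[MAX_DEPTH];
	size_t depth = 0, used = 0;
	const char *p = path;

	/* Capability-mode lookups are relative; an absolute path is refused. */
	if (*p == '/')
		return -1;

	while (*p != '\0') {
		const char *end = strchr(p, '/');
		size_t len = end ? (size_t)(end - p) : strlen(p);

		if (len == 0 || (len == 1 && p[0] == '.')) {
			/* empty component (from "//") or ".": no movement */
		} else if (len == 2 && p[0] == '.' && p[1] == '.') {
			if (depth == 0)
				return -1;	/* parent of start dir was never visited */
			depth--;		/* back to a directory visited earlier */
		} else {
			if (depth == MAX_DEPTH)
				return -1;	/* model limit, not a kernel rule */
			comps[depth] = p;
			lens[depth] = len;
			depth++;
		}
		if (end == NULL)
			break;
		p = end + 1;
	}

	if (depth == 0) {
		if (outlen < 2)
			return -1;
		strcpy(out, ".");	/* resolved back to the start dir itself */
		return 0;
	}
	for (size_t i = 0; i < depth; i++) {
		if (used + lens[i] + 2 > outlen)
			return -1;	/* caller's buffer too small */
		if (i > 0)
			out[used++] = '/';
		memcpy(out + used, comps[i], lens[i]);
		used += lens[i];
	}
	out[used] = '\0';
	return 0;
}

/* Convenience: 1 if PATH resolves successfully to exactly EXPECT. */
int resolves_to(const char *path, const char *expect)
{
	char buf[256];

	return cap_resolve(path, buf, sizeof buf) == 0 && strcmp(buf, expect) == 0;
}

/* Convenience: 1 if the model rejects PATH as escaping the start dir. */
int escapes(const char *path)
{
	char buf[256];

	return cap_resolve(path, buf, sizeof buf) == -1;
}

int main(void)
{
	/* Constructed sample paths, as a program might pass to openat(). */
	const char *samples[] = {
		"a/../b", "a/b/../../c", "./a//b", "a/..",
		"../b", "a/../../c", "/etc/passwd",
	};
	char buf[256];

	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		if (cap_resolve(samples[i], buf, sizeof buf) == 0)
			printf("%-14s -> %s\n", samples[i], buf);
		else
			printf("%-14s -> rejected (would leave start dir)\n", samples[i]);
	}
	return 0;
}
```

The interesting cases are the pairs "a/b/../../c" (allowed: both ".." return to directories this lookup already passed through) and "a/../../c" (refused: the second ".." names the start directory's parent, which was never visited). A real program would see the same split as success versus ENOTCAPABLE from openat() on a Capsicum directory descriptor.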