G'day,
Noting that there are *strong* reasons why pledge/unveil as a command is a bad idea, since the
programmer is the one who understands what is going on, which is the problem
with the Linux/SELinux/... approach, which is a complete disaster.
Still we are building a system that needs to interface with semi-trusted binaries and
so I'm still heading towards:
% ./a-pledge-unveil promises execpromises path permissions command ....
Which seems brutal but has a certain elegance noting we cannot change some
of the binaries and do it properly.
Any thoughts/observations would be worthwhile, e.g. you muppet ... what about...
and we'll of course release the tools (and some other ones which are
more interesting) to the community.
I remain Sirs, your Most humble and Obedient Servant.
Phil Maker <philip.maker@gmail.com>, <pjm@gnu.org>
phone: +61 (0) 439 223 469 TZ +9h30m
ALT: remote email: <philmakerphone@gmail.com>
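
A sketch of the wrapper proposed in the message above, added here as an example and not the poster's tool: it checks the leading arguments, then on OpenBSD applies unveil(2) and pledge(2) before exec. The function names and error codes are assumptions, and it assumes the command lies under the unveiled path with "x" permission.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed layout, following the synopsis in the message: argv[1]=promises
 * argv[2]=execpromises argv[3]=path argv[4]=permissions argv[5..]=command */
enum { ARG_OK = 0, ARG_TOO_FEW = -1, ARG_BAD_PERMS = -2, ARG_NO_EXEC = -3 };

/* Return 1 if the space-separated promise list contains the word `want`. */
int has_promise(const char *promises, const char *want) {
    size_t n = strlen(want);
    for (const char *p = promises; *p != '\0'; ) {
        p += strspn(p, " ");
        size_t len = strcspn(p, " ");
        if (len == n && strncmp(p, want, n) == 0) return 1;
        p += len;
    }
    return 0;
}

/* Reject command lines that cannot work before any restriction is applied. */
int check_args(int argc, char **argv) {
    if (argc < 6) return ARG_TOO_FEW;
    /* unveil(2) permissions are built from the characters r, w, x and c. */
    if (strspn(argv[4], "rwxc") != strlen(argv[4])) return ARG_BAD_PERMS;
    /* Without "exec" in promises the wrapper is killed at execvp(). */
    if (!has_promise(argv[1], "exec")) return ARG_NO_EXEC;
    return ARG_OK;
}

/* Apply the restrictions and exec the command; returns -1 on any failure. */
int confine_and_exec(char **argv) {
#ifdef __OpenBSD__
    if (unveil(argv[3], argv[4]) == -1) return -1;  /* expose one path */
    if (unveil(NULL, NULL) == -1) return -1;        /* lock further unveil calls */
    if (pledge(argv[1], argv[2]) == -1) return -1;  /* wrapper, then exec'd program */
    execvp(argv[5], &argv[5]);                      /* only returns on error */
#else
    (void)argv;                                     /* pledge/unveil are OpenBSD-only */
#endif
    return -1;
}

int main(int argc, char **argv) {
    int rc = check_args(argc, argv);
    if (rc == ARG_OK) { confine_and_exec(argv); perror("a-pledge-unveil"); return 1; }
    fprintf(stderr, "usage: %s promises execpromises path permissions command ...\n", argv[0]);
    return 2;
}
```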