fun with pledge()

Started by Kirill, October 07, 2020, 08:11:17 AM


Kirill

On OpenBSD, the pledge() system call (http://man.openbsd.org/pledge) forces the current process into a restricted-service operating mode.



I know newLISP can import functions from shared libraries, but I have never done so before. So I thought I'd give it a try with pledge():



> (import "/usr/lib/libc.so.96.0" "pledge")
pledge@F99015DECD0
> (pledge "tty stdio" 0)
0
> (println "yay!")
yay!
"yay!"
> (! "ls -al")
Abort trap (core dumped)


In another window I see



newlisp[56936]: pledge "proc", syscall 66


That was fun! I will play more with this little tool.
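
The kernel message quoted in the post above has a regular shape, so pledge violations can be collected from the system log and grouped by the promise that was missing. This is an added example, not part of the original thread; the syslog prefixes and every sample line except the message body from the post are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the kernel message shown in the post:
#   newlisp[56936]: pledge "proc", syscall 66
# search() is used so any syslog prefix (timestamp, host, "/bsd:") is tolerated.
VIOLATION = re.compile(
    r'(?P<prog>[^\s\[\]]+)\[(?P<pid>\d+)\]: '
    r'pledge "(?P<promise>[^"]*)", syscall (?P<sysno>\d+)'
)

def parse_violation(line):
    """Return a dict for one pledge-violation line, or None for any other line."""
    m = VIOLATION.search(line)
    if not m:
        return None
    return {
        "prog": m["prog"],
        "pid": int(m["pid"]),
        "promise": m["promise"],   # the promise the process had not pledged
        "syscall": int(m["sysno"]),
    }

def summarize(lines):
    """Group violations by program: missing promise -> sorted syscall numbers."""
    report = defaultdict(lambda: defaultdict(set))
    for line in lines:
        v = parse_violation(line)
        if v:
            report[v["prog"]][v["promise"]].add(v["syscall"])
    return {prog: {p: sorted(s) for p, s in promises.items()}
            for prog, promises in report.items()}

# Constructed sample input. Only the first message body comes from the post;
# the syslog prefixes and the other lines are made up for illustration.
SAMPLE_LOG = [
    'Oct  7 08:10:02 host /bsd: newlisp[56936]: pledge "proc", syscall 66',
    'Oct  7 08:10:05 host sshd[1201]: Accepted publickey for demo',
    'Oct  7 08:12:40 host /bsd: newlisp[57010]: pledge "proc", syscall 66',
    'Oct  7 08:13:11 host /bsd: newlisp[57044]: pledge "inet", syscall 97',
]

if __name__ == "__main__":
    for prog, promises in summarize(SAMPLE_LOG).items():
        for promise, syscalls in promises.items():
            print(f"{prog}: missing promise {promise!r}, syscalls {syscalls}")
```

A summary like this shows which promises a pledged program would have needed, which helps when deciding whether to widen the promise string or treat the abort as the sandbox doing its job.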

rickyboy

#1
Nice! 👍
(λx. x x) (λx. x x)

Kirill

#2
I was thinking of creating something that would allow running untrusted newLISP code (think serverless, function-as-a-service, etc.) as a CGI, only allowing it to act on submitted POST data, do calculations and spit out the result.



Now, with pledge() and newLISP running in a chroot already, the idea may some day come true.