On Mon, 30 Nov 2015 23:30:49 +0100 Lampshade <lampsh...@poczta.fm> wrote:
> Thanks for answers.
> @dan mclaughlin. But how to prevent attacker going out of chroot?

as far as i am aware only root can break out of a chroot. as long as nothing
runs as root, and there are no suid root this shouldn't be a problem.

> Do you think that this is possible to prevent this using pledge(2)?

pledge may not be the best tool. see

there is systrace(1) which does something similar.

> Thanks for links. Especially Jonathan's "Re: making firefox less
> insecure"
> mail dated 2014-11-23 is worth reading for me. I wonder if
> pledge(2), in theory, can be used to extend his program.

see the above url re pledge.

Reply via email to