[email protected] wrote:
> > "Theo de Raadt" <[email protected]> wrote:
> > If it is a shared executable, you would need to encode access to ld.so
> > and all the library environment, and additional strange things used
> > during libc initialization for various subsystems.
> >
> > That would require hard-coding a large number of additional paths into
> > the caller. How would that actually work in practice?
>
> You could probably just unveil /usr, /lib - I've tested that using bwrap
> on a Linux box (idk any tools I could use for that on OpenBSD) and that's
> enough to run e.g. the shell. Some programs also need stuff like /dev/null
> or other special devices.

Wonderfully insufficient.

> > If you use "exec", you have intentionally and visibly opened an escape
> > hatch to run other programs, which are EXPECTED to self-protect against
> > their own misbehaviour.
>
> Shouldn't that be documented?

Have you found anything which implies that unveil persists?
