Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jart
on July 7, 2023
|
parent
|
context
|
favorite
| on:
List of Unix binaries that can be used to bypass l...
You're both half right. The trick is to use LD_PRELOAD to inject a SECCOMP filter. Then you can block execve(). See
https://justine.lol/pledge/
and
https://github.com/jart/cosmopolitan/blob/master/tool/build/...
nathants
on July 7, 2023
[–]
this, or custom lsm modules so they’re harder to turn off.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
