newlispfanclub.alh.net

Friends and Fans of newLISP
http://www.newlispfanclub.alh.net/forum/

fun with pledge()

http://www.newlispfanclub.alh.net/forum/viewtopic.php?f=9&t=5146

Page 1 of 1

fun with pledge()

Posted: Wed Oct 07, 2020 3:11 pm
by Kirill
On OpenBSD pledge() system call forces the current process into a restricted-service operating mode.

I know newLISP can import function from shared libraries, but I have never done so yet. So I thought I'd give it a try with pledge():

Code: Select all

> (import "/usr/lib/libc.so.96.0" "pledge")
pledge@F99015DECD0
> (pledge "tty stdio" 0)
0
> (println "yay!")
yay!
"yay!"
> (! "ls -al")
Abort trap (core dumped)
In another window I see

Code: Select all

newlisp[56936]: pledge "proc", syscall 66
That was fun! I will play more with this little tool.

Re: fun with pledge()

Posted: Thu Oct 08, 2020 1:56 am
by rickyboy
Nice! 👍

Re: fun with pledge()

Posted: Thu Oct 08, 2020 8:06 am
by Kirill
I was thinking of creating something that would allow running untrusted newLISP code (think serverless, function-as-a-service et c) as a CGI, only allowing to act on submittes post data and do calculations and spit out the result.

Now, with pledge() and newLISP running in a chroot already, the idea may some day come true.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited