Y'all need to discover pledge(2), unveil(2) and privilege separation.
https://twitter.com/majek04/status/1034759172041129984
Replying to @canadianbryan
Linux capabilities are awful, and blaming that shit on POSIX by calling them "POSIX capabilities" when they have nothing to do with POSIX is... ugh.
3 replies 3 retweets 7 likes
Replying to @RichFelker @canadianbryan
Linux has seccomp, something like the pledge model, but sadly it doesn't work well when you don't control the whole implementation stack.
1 reply 1 retweet 1 like
Replying to @RichFelker
Yeah, it doesn't really support the incremental dropping mechanics either: just a single policy to rule them all, and nothing preventing going the other way either.
1 reply 0 retweets 2 likes
All aspects of a good privilege model should be incremental and irreversible drops (no suid or setcap, etc.). With that you can make chroot and all namespace-type operations unprivileged and safe.
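As an added example (not part of the thread, and not anyone's project code), here is what the "incremental and irreversible drop" of the last tweet looks like when approximated on Linux with PR_SET_NO_NEW_PRIVS plus stacked seccomp-bpf filters. Each filter installed with PR_SET_SECCOMP can only tighten: the kernel runs every installed filter and the most restrictive verdict wins, and there is no interface to remove one; no_new_privs, which cannot be cleared, makes setuid/setcap ignored across execve. What seccomp does not give you is pledge's named promises or unveil's path-based view, so each stage below is a hand-written syscall list. The function names (`drop_network`, `drop_file_open`, `try_regain_everything`, the probes) are my own, and the code assumes Linux on x86_64 or aarch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define MAX_DENY 8

/* Stage 0: make every later drop irreversible. With no_new_privs set, execve()
 * ignores setuid/setgid bits and file capabilities, the flag itself cannot be
 * cleared, and it is what lets an unprivileged process install filters at all. */
int seal_no_new_privs(void) { return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); }
int is_sealed(void)         { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* Install one filter that fails each syscall number in nrs[] with -err and
 * allows everything else. Calling this repeatedly stacks filters: all of them
 * run on every syscall and the most restrictive verdict wins, so a later,
 * looser filter cannot undo an earlier, tighter one. */
static int install_deny(const int *nrs, size_t n, int err)
{
    struct sock_filter prog[4 + 2 * MAX_DENY + 1];
    size_t i, len = 0;

    if (n > MAX_DENY)
        return -1;
    /* Kill on a foreign ABI (e.g. 32-bit compat syscalls on x86_64),
     * otherwise the syscall numbers below mean something else. */
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                               offsetof(struct seccomp_data, arch));
    prog[len++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                               offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++) {
        prog[len++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                   (unsigned)nrs[i], 0, 1);
        prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                                   SECCOMP_RET_ERRNO | (err & SECCOMP_RET_DATA));
    }
    prog[len++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Stage 1, roughly "no inet/unix promise": no new sockets, EPERM. */
int drop_network(void)
{
    const int nrs[] = { __NR_socket, __NR_socketpair };
    return install_deny(nrs, 2, EPERM);
}

/* Stage 2, roughly "no rpath/wpath/cpath promise": no new file opens, EACCES.
 * Already-open descriptors keep working, like a pledged OpenBSD process. */
int drop_file_open(void)
{
    int nrs[MAX_DENY];
    size_t n = 0;
    nrs[n++] = __NR_openat;
#ifdef __NR_open
    nrs[n++] = __NR_open;
#endif
#ifdef __NR_creat
    nrs[n++] = __NR_creat;
#endif
#ifdef __NR_openat2
    nrs[n++] = __NR_openat2;
#endif
    return install_deny(nrs, n, EACCES);
}

/* "Going the other way": an allow-everything filter installs fine, but the
 * earlier filters still run, so nothing is regained. */
int try_regain_everything(void) { return install_deny(NULL, 0, 0); }

/* Probes return 0 on success or the errno the kernel handed back. */
int probe_socket(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int probe_open(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    if (seal_no_new_privs() != 0) { perror("no_new_privs"); return 1; }
    printf("sealed=%d socket=%d open=%d\n", is_sealed(), probe_socket(), probe_open("/dev/null"));
    if (drop_network() != 0) { perror("seccomp stage 1"); return 1; }
    printf("after stage 1: socket errno=%d (EPERM=%d)\n", probe_socket(), EPERM);
    if (drop_file_open() != 0) { perror("seccomp stage 2"); return 1; }
    printf("after stage 2: open errno=%d (EACCES=%d)\n", probe_open("/dev/null"), EACCES);
    try_regain_everything();
    printf("after allow-all filter: socket errno=%d, open errno=%d\n",
           probe_socket(), probe_open("/dev/null"));
    return 0;
}
```

The filters apply only to the calling thread (no SECCOMP_FILTER_FLAG_TSYNC here), so call the drops before spawning threads, and note that `SECCOMP_RET_ERRNO` is used instead of a kill verdict so the program can show the denial rather than die on it.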