diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-03 03:10:38 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-03 03:10:38 +0000 |
| commit | 33d8e5245e0821ea3d82b4533f332f5dc6ec1e92 (patch) | |
| tree | 1f1ed09964dce54e9da613b84d09ba737ba4a171 /lib/libssl/src/ssl/ssl_lib.c | |
| parent | the ntp dns process only needs tame "dns rw" to operate. at least, (diff) | |
| download | wireguard-openbsd-33d8e5245e0821ea3d82b4533f332f5dc6ec1e92.tar.xz wireguard-openbsd-33d8e5245e0821ea3d82b4533f332f5dc6ec1e92.zip | |
So you'd love me to say sleep() can be tighter than tame "stdio". OK,
there is that pesky usage message... We could tame "something" in the
non-usage codepath.. but pop quiz, anyone know what happens after main
returns or if exit(3) is called? atexit completion.. our atexit is
very paranoid with structure management and uses mprotect. So current
minimum a normal program needs is tame "malloc".
tame "stdio" done before the usage codepath splits is just as good;
tame placement before getopt provides a strong hint about program
behaviour.
I am still hoping someone comes up with a nice solution for atexit,
or a nice tame subset between "" (pure computation) and "malloc".
Ideas have been floated to expose "self", but it lacks mprotect also,
and should continue to lack it (see the ssh tame sandbox).
Diffstat (limited to 'lib/libssl/src/ssl/ssl_lib.c')
0 files changed, 0 insertions, 0 deletions