Comment by jart
4 years ago
> Compare how OpenBSD is actually disallowing syscalls outside of their libc.
And Cosmopolitan Libc actually disallows syscalls to the OpenBSD Libc whilst running on OpenBSD. If this surprises you then you've misunderstood the intent behind msyscall(), which Cosmopolitan's pledge() implements on Linux too. See the "Syscall Origin Verification" section of the blog post https://justine.lol/pledge/#msyscall The basic idea is you can choose whatever set of system call wrappers you want, put them into one memory location, and then the kernel will check the RIP register to make sure that SYSCALL is only being used from those addresses. Their choice to start doing this is kind of funny because it turns C libraries into a game of Highlander. There can be only one.
The only libc in the address space is a very attractive ROP target :)
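One way to get the kernel to enforce the RIP check jart describes on Linux is a seccomp-bpf filter: the `struct seccomp_data` the kernel hands the filter carries `instruction_pointer`, so the filter can kill any syscall whose RIP is outside the one region holding the chosen syscall wrappers. The block below is an added example, not Cosmopolitan's or OpenBSD's code; the address range `[0x400000, 0x401000)`, the sample RIP values and the `verdict`/`install_ip_filter` helper names are assumptions made for illustration, and the tiny interpreter is a local model of how the kernel evaluates the filter, used so the verdicts can be checked without installing the filter (installing it from a normal glibc program would kill the program on its next libc syscall, which is the Highlander rule in action).

```c
/* ip_filter.c: seccomp-bpf "syscall origin verification" (added example).
 * Build on x86-64 Linux: cc -std=c11 -Wall -o ip_filter ip_filter.c */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Field offsets inside struct seccomp_data. cBPF is a 32-bit machine, so the
 * 64-bit instruction_pointer is read as two words (little-endian x86-64). */
#define OFF_ARCH  offsetof(struct seccomp_data, arch)
#define OFF_IP_LO (offsetof(struct seccomp_data, instruction_pointer))
#define OFF_IP_HI (offsetof(struct seccomp_data, instruction_pointer) + 4)
#define IP_FILTER_LEN 14

/* Allow a syscall only if lo <= RIP < hi, otherwise kill the process.
 * Note: the kernel reports the RIP at syscall entry, i.e. the instruction
 * after SYSCALL, so hi must extend past the last SYSCALL in the wrappers. */
void build_ip_filter(struct sock_filter out[IP_FILTER_LEN], uint64_t lo, uint64_t hi)
{
    uint32_t lo_lo = (uint32_t)lo, lo_hi = (uint32_t)(lo >> 32);
    uint32_t hi_lo = (uint32_t)hi, hi_hi = (uint32_t)(hi >> 32);
    struct sock_filter prog[IP_FILTER_LEN] = {
        /*  0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_ARCH),
        /*  1 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 0, 11), /* other arch -> 13 */
        /* lower bound: RIP >= lo */
        /*  2 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_IP_HI),
        /*  3 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, lo_hi, 0, 2),   /* equal -> 4, else -> 6  */
        /*  4 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_IP_LO),
        /*  5 */ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, lo_lo, 1, 7),   /* ok -> 7, else -> 13    */
        /*  6 */ BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, lo_hi, 0, 6),   /* ok -> 7, else -> 13    */
        /* upper bound: RIP < hi */
        /*  7 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_IP_HI),
        /*  8 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, hi_hi, 0, 2),   /* equal -> 9, else -> 11 */
        /*  9 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF_IP_LO),
        /* 10 */ BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, hi_lo, 2, 1),   /* >= hi -> 13, else -> 12 */
        /* 11 */ BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, hi_hi, 1, 0),   /* >  hi -> 13, else -> 12 */
        /* 12 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 13 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    memcpy(out, prog, sizeof prog);
}

/* Minimal cBPF interpreter for the opcodes used above: the verdict the kernel
 * would reach for a syscall arriving with data d. Fails closed on anything else. */
uint32_t run_ip_filter(const struct sock_filter *prog, int len, const struct seccomp_data *d)
{
    uint32_t A = 0;
    for (int pc = 0; pc < len; pc++) {
        const struct sock_filter *i = &prog[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (i->k + sizeof A > sizeof *d) return SECCOMP_RET_KILL_PROCESS;
            memcpy(&A, (const unsigned char *)d + i->k, sizeof A);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (A == i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGT | BPF_K: pc += (A >  i->k) ? i->jt : i->jf; break;
        case BPF_JMP | BPF_JGE | BPF_K: pc += (A >= i->k) ? i->jt : i->jf; break;
        case BPF_RET | BPF_K: return i->k;
        default: return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Verdict for a syscall issued from address ip, given the allowed range [lo, hi). */
uint32_t verdict(uint64_t lo, uint64_t hi, uint32_t arch, uint64_t ip)
{
    struct sock_filter prog[IP_FILTER_LEN];
    struct seccomp_data d = { .nr = 1, .arch = arch, .instruction_pointer = ip };
    build_ip_filter(prog, lo, hi);
    return run_ip_filter(prog, IP_FILTER_LEN, &d);
}

/* Install the filter for real (hypothetical helper). From then on every SYSCALL
 * outside [lo, hi) kills the process, including glibc's own, so the range must
 * cover the one set of wrappers the program will use from here on. */
int install_ip_filter(uint64_t lo, uint64_t hi)
{
    static struct sock_filter prog[IP_FILTER_LEN];
    struct sock_fprog fprog = { .len = IP_FILTER_LEN, .filter = prog };
    build_ip_filter(prog, lo, hi);
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    /* Constructed addresses: pretend the wrappers live in [0x400000, 0x401000). */
    uint64_t lo = 0x400000, hi = 0x401000;
    uint64_t ips[] = { 0x400000, 0x400800, 0x3fffff, 0x401000, 0x7f0000001000ULL };
    for (size_t i = 0; i < sizeof ips / sizeof ips[0]; i++)
        printf("RIP=0x%012llx -> %s\n", (unsigned long long)ips[i],
               verdict(lo, hi, AUDIT_ARCH_X86_64, ips[i]) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    return 0;
}
```

The arch check comes first because a filter that only looks at RIP would also admit i386 or x32 entries with different syscall numbering. The check is a filter on where SYSCALL executes, not on who reached it: code that already controls execution can still jump into the allowed region, which is the ROP concern raised in the reply.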