Comment by staticassertion
4 years ago
Oh yeah, is this not a clear bypss? Write an executable file to disk and then... execute it. As far as I know that is all that's required to completely bypass pledge?
I assume/ hope this is something you can control with better filesystem controls?
Once you've pledged away exec() access this doesn't seem like an issue?
Of course, but if you've pledged away exec inheritance is obviously not a problem at all.