Better examples consistent with what's actually possible in pledge

What is Pledge?

pledge is a system call.

Calling pledge in a program is to promise that the program will only use certain resources.

Another way of saying it is to limit the operation of a program to its needs, e.g.,

"I pledge not to open any new sockets"
"I pledge to only write temporary files, and not write other files"

How does it make a program more secure?

It limits the operation of a program. Example:

  • You wrote a program named xyz that only needs the read system-call.
  • Then you add pledge to use only read but nothing else.
  • Then a malicious user found out that in your program there is a vulnerability by which one can invoke a root shell.
  • Exploiting your program to open a root shell will result in the kernel killing the process with SIGABRT (which cannot be caught/ignored) and generating a log (which you can find with dmesg).

It happens because, before executing the other code of your program, it first pledges not to use anything other than the read system call. But opening a root shell will call several other system calls, which are forbidden because it has already promised not to use any other but read.

Where is Pledge?

It's usually in a program. Usage from OpenBSD 6.5 man page:

    #include <unistd.h>

    int pledge(const char *promises, const char *execpromises);

Example Code: Example code of cat command from cat.c

    ........
    #include <unistd.h>
    ........
    int ch;

    if (pledge("stdio rpath", NULL) == -1)
        err(1, "pledge");

    while ((ch = getopt(argc, argv, "benstuv")) != -1)
    ..........
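
An added example, not part of the original answer or of OpenBSD's source: a hypothetical xyz-style program that takes the cat.c pattern one step further by dropping rpath once its file is open. The names count_bytes and the non-OpenBSD pledge stand-in are assumptions; the stand-in enforces nothing and only models the rule that a promise, once dropped, cannot be regained.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Constructed stand-in so this builds off OpenBSD. It enforces nothing and
 * models one rule only: promises can be dropped but never regained (EPERM). */
static char held[64], pledged;
static int has_word(const char *set, const char *w, size_t n)
{
    for (size_t len; *set; set += len + strspn(set + len, " "))
        if ((len = strcspn(set, " ")) == n && strncmp(set, w, n) == 0) return 1;
    return 0;
}
static int pledge(const char *promises, const char *execpromises)
{
    (void)execpromises;
    if (promises == NULL) return 0;  /* NULL leaves the current set unchanged */
    if (strlen(promises) >= sizeof held) { errno = EINVAL; return -1; }
    for (const char *p = promises; pledged && *p; p += strspn(p, " ")) {
        size_t len = strcspn(p, " ");
        if (len && !has_word(held, p, len)) { errno = EPERM; return -1; }
        p += len;
    }
    strcpy(held, promises);
    pledged = 1;
    return 0;
}
#endif

/* Hypothetical "xyz": count the bytes of one file, -1 on any failure. */
long count_bytes(const char *path)
{
    if (pledge("stdio rpath", NULL) == -1) return -1;  /* stdio + read-only opens */
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    if (pledge("stdio", NULL) == -1) { fclose(f); return -1; }  /* file is open: drop rpath */
    long n = 0;
    while (fgetc(f) != EOF) n++;
    fclose(f);
    return n;
}

int main(int argc, char **argv)
{
    printf("%ld bytes\n", count_bytes(argc > 1 ? argv[1] : argv[0]));
    /* rpath was dropped above, so asking for it back is refused with EPERM */
    return pledge("stdio rpath", NULL) == -1 && errno == EPERM ? 0 : 1;
}
```

On OpenBSD the stand-in is compiled out and the kernel enforces the promises, so any later attempt to open another file by path would abort the process.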
Update pledge(2)'s signature and add link to man page

What is Pledge?

pledge is a system call.

Calling pledge in a program is to promise that the program will only use certain resources.

Another way of saying it is to limit the operation of a program to its needs, e.g.,

"I pledge not to use any other ports except port 63"
"I pledge not to use any other system-call except lseek() and fork()"

How does it make a program more secure?

It limits the operation of a program. Example:

  • You wrote a program named xyz that only needs the read system-call.
  • Then you add pledge to use only read but nothing else.
  • Then a malicious user found out that in your program there is a vulnerability by which one can invoke a root shell.
  • Exploiting your program to open a root shell will result in the kernel killing the process with SIGABRT (which cannot be caught/ignored) and generating a log (which you can find with dmesg).

It happens because, before executing the other code of your program, it first pledges not to use anything other than the read system call. But opening a root shell will call several other system calls, which are forbidden because it has already promised not to use any other but read.

Where is Pledge?

It's usually in a program. Usage from OpenBSD 6.5 man page:

    #include <unistd.h>

    int pledge(const char *promises, const char *execpromises);

Example Code: Example code of cat command from cat.c

    ........
    #include <unistd.h>
    ........
    int ch;

    if (pledge("stdio rpath", NULL) == -1)
        err(1, "pledge");

    while ((ch = getopt(argc, argv, "benstuv")) != -1)
    ..........
Fixed grammar of one sentence; some formatting
tkrennwa

What is Pledge?

pledge is a system call.

Calling pledge in a program is to promise that the program will only use certain resources.

Another way of saying is to limit the operation of a program to its needs.

It's kinda like,

"I pledge not to use any other ports except port 63"
"I pledge not to use any other system-call except lseek() and fork()"

How it makes a program secure?

It limits the operation of a program. Example:

  • You wrote a program named xyz that only need read system-call.
  • Then you add pledge to use only read system call but no other.
  • Then a malicious user found that in your programm there is a vulnerability by which he can invoke a root shell.
  • But when he exploit your program and try to open root shell the kernel will kill the program with an uncatchable SIGABRT and generate a log (which you can find on dmesg).

It happens because, before executing the other code of your program, it first pledges not to use anything other than the read system call. But opening a root shell will call several other system calls, which are forbidden because it has already promised not to use any other but read.

Where is Pledge?

It's usually in a program. Usage:

    #include <unistd.h>

    int pledge(const char *promises, const char *paths[]);

Example Code: Example code of cat command from cat.c

    ........
    #include <unistd.h>
    ........
    int ch;

    if (pledge("stdio rpath", NULL) == -1)
        err(1, "pledge");

    while ((ch = getopt(argc, argv, "benstuv")) != -1)
    ..........

What is Pledge?

pledge is a system call.

Calling pledge in a program is to promise that the program will only use certain resources.

Another way of saying it is to limit the operation of a program to its needs, e.g.,

"I pledge not to use any other ports except port 63"
"I pledge not to use any other system-call except lseek() and fork()"

How does it make a program more secure?

It limits the operation of a program. Example:

  • You wrote a program named xyz that only needs the read system-call.
  • Then you add pledge to use only read but nothing else.
  • Then a malicious user found out that in your program there is a vulnerability by which one can invoke a root shell.
  • Exploiting your program to open a root shell will result in the kernel killing the process with SIGABRT (which cannot be caught/ignored) and generating a log (which you can find with dmesg).

It happens because, before executing the other code of your program, it first pledges not to use anything other than the read system call. But opening a root shell will call several other system calls, which are forbidden because it has already promised not to use any other but read.

Where is Pledge?

It's usually in a program. Usage:

    #include <unistd.h>

    int pledge(const char *promises, const char *paths[]);

Example Code: Example code of cat command from cat.c

    ........
    #include <unistd.h>
    ........
    int ch;

    if (pledge("stdio rpath", NULL) == -1)
        err(1, "pledge");

    while ((ch = getopt(argc, argv, "benstuv")) != -1)
    ..........
added some more context
arif
added 7 characters in body
arif
arif