diff options
| author | Rodrigo Arias Mallo <rodarima@gmail.com> | 2025-09-28 20:26:15 +0200 |
|---|---|---|
| committer | Rodrigo <rodarima@gmail.com> | 2025-09-28 23:10:55 +0200 |
| commit | fb510ea86be5ceb9e91573890242581fdbd77ad8 (patch) | |
| tree | d819fe40683592008d136727f5a0b03e48dc1164 /225 | |
Diffstat (limited to '225')
| -rw-r--r-- | 225/index.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/225/index.md b/225/index.md new file mode 100644 index 0000000..a7af816 --- /dev/null +++ b/225/index.md @@ -0,0 +1,10 @@ +Title: Mitigations against RCE vulnerabilities +Author: rodarima +Created: Sun, 14 Jul 2024 15:50:14 +0000 +State: open + +We may want to explore the posibility of using pledge(2) or a similar technology to limit the syscalls that can be used by the parser, or any code facing external information. The network facing code should be separated from the processing side. + +The idea is to constraint posible RCE vulnerabilities to limit the posible damage it could do. + +See: https://man.openbsd.org/pledge.2 https://justine.lol/pledge/
\ No newline at end of file |