aboutsummaryrefslogtreecommitdiff
path: root/225
diff options
context:
space:
mode:
Diffstat (limited to '225')
-rw-r--r--225/index.md10
1 files changed, 10 insertions, 0 deletions
diff --git a/225/index.md b/225/index.md
new file mode 100644
index 0000000..a7af816
--- /dev/null
+++ b/225/index.md
@@ -0,0 +1,10 @@
+Title: Mitigations against RCE vulnerabilities
+Author: rodarima
+Created: Sun, 14 Jul 2024 15:50:14 +0000
+State: open
+
+We may want to explore the posibility of using pledge(2) or a similar technology to limit the syscalls that can be used by the parser, or any code facing external information. The network facing code should be separated from the processing side.
+
+The idea is to constraint posible RCE vulnerabilities to limit the posible damage it could do.
+
+See: https://man.openbsd.org/pledge.2 https://justine.lol/pledge/ \ No newline at end of file