Project to port the pledge isolation mechanism to Linux

The author of the Cosmopolitan standard C library and the Redbean platform has announced an implementation of the pledge() isolation mechanism for Linux. pledge was originally developed by the OpenBSD project and lets you selectively forbid applications from using system calls they do not need (a kind of allowlist of system calls is built for the application, and all other calls are prohibited). Unlike the syscall access-control mechanisms already available on Linux, such as seccomp, pledge was designed from the ground up to be as easy to use as possible.

A failed initiative to isolate the applications of the OpenBSD base system with the systrace mechanism showed that isolation at the level of individual system calls is too complex and time-consuming. pledge was proposed as an alternative: it allows isolation rules to be written without going into detail, by working with ready-made access classes. For example, the classes offered are stdio (input/output), rpath (read-only file access), wpath (writing files), cpath (creating files), tmppath (working with temporary files), inet (network sockets), unix (unix sockets), dns (DNS resolution), getpw (read access to the user database), ioctl (calling ioctl), proc (process control), exec (starting processes), and id (access-rights management).

Rules for working with system calls are specified as annotations that include a list of allowed system-call classes and an array of file paths to which access is permitted. After the modified application is built and run, the kernel takes over enforcement of the specified rules.

Separately, a pledge implementation for FreeBSD is being developed; it differs in being able to isolate applications without changes to their code, whereas in OpenBSD the pledge call is aimed at tight integration with the base system and at adding annotations to the code of each application.

The developers of the Linux pledge port followed FreeBSD's example and, instead of changing code, prepared a wrapper utility, pledge.com, that applies restrictions without modifying the application's code. For example, to run the curl utility with access only to the stdio, rpath, inet, and threadstdio system-call classes, just run "./pledge.com -p 'stdio rpath inet thread' curl http://example.com".

The pledge utility works on all Linux distributions starting with RHEL6 and does not require root access. In addition, an API based on the cosmopolitan library is provided for managing restrictions in the code of C programs, which makes it possible, among other things, to create enclaves that selectively restrict access in relation to particular application functions.

The implementation does not require kernel changes: pledge restrictions are translated into SECCOMP BPF rules and processed by the native Linux system-call isolation mechanism. For example, the call pledge("stdio rpath", 0) will be converted to the BPF filter

    /* Jump offsets are written as target - (index + 1), because BPF jumps
       are relative to the instruction that follows the jump. */
    static const struct sock_filter kFilter[] = {
        /* L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, syscall, 0, 14 - 1),
        /* L1*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[0])),
        /* L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 2, 4 - 3, 0),
        /* L3*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 10, 0, 13 - 4),
        /* L4*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[1])),
        /* L5*/ BPF_STMT(BPF_ALU | BPF_AND | BPF_K, ~0x80800),
        /* L6*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 8 - 7, 0),
        /* L7*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 2, 0, 13 - 8),
        /* L8*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2])),
        /* L9*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 12 - 10, 0),
        /*L10*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 6, 12 - 11, 0),
        /*L11*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 17, 0, 13 - 12),
        /*L12*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /*L13*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)), /* reload nr */
        /*L14*/ /* next filter */
    };
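To see how such a filter decides, the following C program (an added example, not code from the original article or from the Cosmopolitan project) evaluates the filter in user space against constructed socket() arguments instead of installing it. Assumptions not on the page: SYS_socket is used for the "syscall" operand, L12 returns SECCOMP_RET_ALLOW, L14 is a plain deny, L11's miss offset is written 13 - 12 so that it lands on L13, and the name verdict is illustrative.

```c
#include <stddef.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define OFF(f) offsetof(struct seccomp_data, f)

/* The page's filter. Assumptions: SYS_socket for "syscall", L12 = allow,
   and L14 = deny in place of "next filter" so the program terminates. */
static const struct sock_filter kFilter[] = {
    /* L0*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 0, 14 - 1),
    /* L1*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[0])),
    /* L2*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 2, 4 - 3, 0),
    /* L3*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 10, 0, 13 - 4),
    /* L4*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[1])),
    /* L5*/ BPF_STMT(BPF_ALU | BPF_AND | BPF_K, ~0x80800),
    /* L6*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 1, 8 - 7, 0),
    /* L7*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 2, 0, 13 - 8),
    /* L8*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(args[2])),
    /* L9*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 12 - 10, 0),
    /*L10*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 6, 12 - 11, 0),
    /*L11*/ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 17, 0, 13 - 12),
    /*L12*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /*L13*/ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, OFF(nr)),
    /*L14*/ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
};

/* Evaluate kFilter in user space for one constructed call (little-endian
   host). Only the four opcodes used above are implemented. */
static __u32 verdict(int nr, unsigned family, unsigned type, unsigned proto) {
  struct seccomp_data d = {.nr = nr, .args = {family, type, proto}};
  __u32 a = (__u32)d.nr; /* the preceding filter leaves nr in the accumulator */
  for (size_t pc = 0; pc < sizeof(kFilter) / sizeof(kFilter[0]); pc++) {
    const struct sock_filter *i = &kFilter[pc];
    if (i->code == (BPF_RET | BPF_K)) return i->k;
    if (i->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&a, (char *)&d + i->k, 4);
    else if (i->code == (BPF_ALU | BPF_AND | BPF_K)) a &= i->k;
    else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += (a == i->k) ? i->jt : i->jf;
    else break; /* opcode outside this subset */
  }
  return SECCOMP_RET_KILL; /* unknown opcode or ran off the end */
}

int main(void) { /* exit status 0: TCP over IPv4 allowed, AF_UNIX denied */
  return !(verdict(SYS_socket, AF_INET, SOCK_STREAM, IPPROTO_TCP) == SECCOMP_RET_ALLOW &&
           verdict(SYS_socket, AF_UNIX, SOCK_STREAM, 0) == SECCOMP_RET_KILL);
}
```

The mask at L5 clears SOCK_CLOEXEC and SOCK_NONBLOCK before the type is compared, so verdict(SYS_socket, AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP) is still allowed, while a SOCK_RAW type, an AF_UNIX family, or any other syscall number reaches the deny at L14.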

Source: opennet.ru
