This article was discussed on Hacker News.
Years ago, OpenBSD gained two new security system calls, pledge and
unveil. In both, an application voluntarily surrenders capabilities at
run time. The idea is to perform initialization as usual (open files,
load libraries, bind sockets), then drop capabilities before handling
untrusted input, so that a bug hit later has a limited blast radius. This
is useful even where type safety isn't an issue, such as in Python, where
a program can still be tricked into accessing sensitive files or making
network connections when it shouldn't. So how can a Python program access
these system calls?
As discussed previously, it’s quite easy to access C APIs from
Python through its
ctypes package, and this is no exception.
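Here is an added example of what that looks like, written for this page and not taken from the article's own source. It wraps pledge(2) and unveil(2) through ctypes, resolves them from libc at import time, and falls back to raising ENOSYS on systems that lack them so the module still imports elsewhere. The `sandbox` helper and the `/etc/hosts` and `/etc/passwd` paths in the demo are assumptions for illustration, not part of the original.

```python
import ctypes
import ctypes.util
import errno
import os
import sys

# Load libc. On OpenBSD pledge(2) and unveil(2) are exported by libc; on other
# systems the symbol lookup below simply fails and the wrappers raise ENOSYS.
# find_library() may return None in minimal environments; CDLL(None) then
# dlopen()s the main program, which still exposes libc's symbols.
_libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)


def _lookup(name):
    """Return libc's `name` with an (const char *, const char *) -> int
    prototype, or None if this libc does not export it."""
    try:
        fn = getattr(_libc, name)
    except AttributeError:
        return None
    fn.restype = ctypes.c_int
    fn.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    return fn


_pledge = _lookup("pledge")
_unveil = _lookup("unveil")


def to_bytes(arg):
    """c_char_p takes bytes; None becomes a NULL pointer, which is how both
    calls spell "leave unchanged" (pledge) or "finish the list" (unveil)."""
    if arg is None:
        return None
    if isinstance(arg, bytes):
        return arg
    return os.fsencode(arg)  # str -> bytes using the filesystem encoding


def pledge_available():
    return _pledge is not None


def unveil_available():
    return _unveil is not None


def _call(name, fn, a, b):
    if fn is None:
        raise OSError(errno.ENOSYS, "%s(2) is not available on %s" % (name, sys.platform))
    if fn(to_bytes(a), to_bytes(b)) != 0:
        err = ctypes.get_errno()  # valid because the CDLL was opened with use_errno=True
        raise OSError(err, "%s: %s" % (name, os.strerror(err)))


def pledge(promises, execpromises=None):
    """pledge(2): restrict this process to the given promise set, e.g. "stdio rpath".
    execpromises=None leaves the promises applied across execve(2) unchanged."""
    _call("pledge", _pledge, promises, execpromises)


def unveil(path=None, permissions=None):
    """unveil(2): expose `path` with permissions drawn from "rwxc".
    unveil(None, None) locks the list so no further paths can be unveiled."""
    _call("unveil", _unveil, path, permissions)


def sandbox(readable, promises="stdio rpath"):
    """The pattern from the article (helper name is an assumption): after
    initialization is done, expose only the listed paths read-only, lock the
    unveil list, then pledge down. Returns the promise string that was applied."""
    for path in readable:
        unveil(path, "r")
    unveil(None, None)  # no more unveil calls after this
    pledge(promises)
    return promises


if __name__ == "__main__":
    if not (pledge_available() and unveil_available()):
        print("pledge/unveil not available on", sys.platform)
        sys.exit(0)
    # Do all imports and setup before this point: after pledging, importing a
    # module still needs rpath, and anything outside the unveiled paths is gone.
    sandbox(["/etc/hosts"], "stdio rpath")
    print(open("/etc/hosts").read()[:80])  # unveiled: still readable
    try:
        open("/etc/passwd")  # not unveiled: fails with ENOENT
    except OSError as e:
        print("blocked:", e)
```

Two details worth noting: the ordering matters (unveil before the final pledge, since pledging away the "unveil" promise forbids further unveil calls), and everything Python will need later, including imports, must happen before the pledge, because a module import after pledging "stdio" alone is itself a file read the kernel will refuse.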
In this article I show how to do it. Here’s the full source if you want to