OpenBSD 7.9-beta introduces a new internal syscall __pledge_open(2) that bypasses pledge/unveil sandboxing restrictions, potentially creating a sandbox escape vector. The article demonstrates a proof-of-concept exploit using signal handling and ptrace to intercept this syscall. This represents a significant security research finding regarding OpenBSD's internal hardening mechanisms.
Background
OpenBSD's pledge and unveil are security mechanisms that restrict system calls and filesystem access for applications. The __pledge_open syscall is an internal mechanism that bypasses these restrictions for libc functions.
- Source
- Lobsters
- Published
- Apr 2, 2026 at 09:53 PM
- Score
- 7.0 / 10