node-pledge
Bindings for for OpenBSD's pledge(2)
What?
pledge(2)
allows process to ratchet down the privlidges it requires to run, if it attempts to access
a privlidge it has pledged to not use, it will be killed by the kernel.
Example Usage
var http = require('http');
var pledge = require('pledge');
pledge.init("stdio rpath wpath ioctl");
console.log("stuff");
http.get("http://www.google.com/", function(res) {
console.log(res);
}).on('error', function(e) {
console.log(e);
});
Output:
node stuff.js
stuff
Killed
Line from dmesg(8)
:
node(9940): syscall 8
This is an expirement!
Use at your own risk! It will ONLY work on OpenBSD!