
Update on two pledge-related changes to OpenBSD - protomyth
https://marc.info/?l=openbsd-tech&m=151268831628549
======
notaplumber
The first part, execpromises, has already landed:

[https://marc.info/?l=openbsd-cvs&m=151304116010721&w=2](https://marc.info/?l=openbsd-cvs&m=151304116010721&w=2) (Prev HN:
[https://news.ycombinator.com/item?id=15906021](https://news.ycombinator.com/item?id=15906021))

[https://man.openbsd.org/pledge](https://man.openbsd.org/pledge)

------
yjftsjthsd-h
So basically,

1: pledge that affects child processes

2: restricting access to parts of the filesystem

~~~
ams6110
3: utilizing this in software isn't as easy as you might think

That's the part that worries me. Stuff that's hard to get right in code is
often coded wrong.

~~~
arghwhat
In this context, it means "easy to enable, but if the child process does not
handle errors correctly, it might be confused by all the pledge violation
errors it gets for syscalls that used to always work". This is a bit
unfortunate, and requires an implementor to apply a bit of elbow grease.

It specifically does not mean "hard to get right so that the intended security
level is achieved". Such a scenario would be problematic.

