I have need to call sysctl() in a C program to read “sysctl kern.version”. Will there be a pledge() to prohibit further calls to sysctl()? I’m kinda afraid that putting a sysctl call could conceivably leave it vulnerable to calling it again in the case the mitigations fail and sysctl() is run to cause damage.
I want it to strstr() to find the existence of “beta” or “current” in “sysctl kern.version”.

--
-Luke