On Sat, Mar 07, 2026 at 12:26:13AM -0800, Philip Guenther wrote: > On Fri, Mar 6, 2026 at 12:23???PM Crystal Kolipe > <[email protected]> wrote: > > > > On Fri, Mar 06, 2026 at 11:07:41AM -0800, Andrew Hewus Fresh wrote: > > > On Thu, Mar 05, 2026 at 06:47:45PM +0000, Crystal Kolipe wrote: > > > > On Thu, Mar 05, 2026 at 10:21:58AM +0100, tetrosalame wrote: > > > > > BTW, i failed to find an in-tree .c file where execpromises weren't > > > > > set to NULL: is that idiom somehow discouraged? > > > > > > As I recall, when I wrote the module the second argument was still very > > > experimental (I think it was pledgepaths maybe) and after it had settled > > > to execpromises but before I had time, this message was posted. > > > > > > > https://marc.info/?l=openbsd-bugs&m=158378079011968 > > > > > > I then lost interest. > > > > Does the fact that ldd is now using execpromises invalidate the previous > > advice not to use it? > > > > Or is this still undecided? > > ldd can make use of it because (a) it checks that it's invoking an ELF > executable with an interpreter, (b) there's only one support ELF > interpreter on OpenBSD, and (c) ldd is tightly integrated with that > interpreter and knows exactly what is used when ldd invokes it. > > I ok'ed the diff that added that use in ldd and I haven't been able to > imagine a *stable* followup use for it since then, since I don't see > any other uses that *can* occur with a similar level of knowledge of > the post-exec operation. > > Given what we know now, would it have been better if pledge() only > took one argument and there was a separate pledgeexec() syscall that > only ldd called? I'll answer with a fully qualified "maybe"
Right, that makes perfect sense and is almost exactly what I was expecting.
