On 2019/08/29 01:24, Theo de Raadt wrote: > I am extremely cynical about 1-liner pledge diffs to large pieces of > software. > > More often than not, the diffs are wrong and someone suffers for it > when their program is killed. > > Pray tell, when you pledge like this, what is the security model?
I'm always a bit suspicious of pledges allowing both filesystem read/write and internet access. Unless they're further ratcheted down after some initialisation, are they really going to give much protection? > Markus Hennecke <markus-henne...@markus-hennecke.de> wrote: > > > ping > > > > On Sun, 14 Jul 2019, Markus Hennecke wrote: > > > > > When using an external program to provide the jabber password we need to > > > allow proc and exec the same way like we do when using an external > > > program > > > for event handling. Tested with a gpg encrypted password file. > > > > > > Ok? I don't use this software but if I did I'd be taking a look at what the pledge actually protects me from and weigh it against the potential for untested codepaths, my initial feeling is that removing the pledge would be saner.
