On Sat, Mar 21, 2020 at 06:49:42PM +0100, Andrea Biscuola wrote: > > I tried to see how to solve the situation without disabling pledge. I > modified the > kernel to include shmget(2), shmat(2), shmctl(2) and shmdt(2) in the stdio set > and now, screen sharing works.
Well. So in order to permit firefox to use such syscalls, you also allowed mostly any program using pledge(2) to use them too ? Do you think sshd(8) sandbox needs them ? or doas(1) ? or su(1) ? Allowing new syscalls in an existing promise could be a hard exercice as it require to considere all the programs already using this promise and see implication. I would advice you to follow landry@ advice to disable pledge(2) for firefox. It is could be less dangerous than extending "stdio" and increasing the attack surface of all pledged programs. Thanks. -- Sebastien Marie
