g...@oat.com wrote:
> Theo de Raadt wrote:
> After pledge, 80% of the base programs were converted to pledge-assisted
> priv-drop, because it was really obvious that "initialization code"
> could
> and should be moved earlier in the program, so that pledge (or multiple
> p
Theo de Raadt wrote:
After pledge, 80% of the base programs were converted to pledge-assisted
priv-drop, because it was really obvious that "initialization code"
could
and should be moved earlier in the program, so that pledge (or multiple
pledge calls dropping pe
William Ahern wrote:
> Rather, the point of pledge and unveil is to make that
> deliberate refactoring as pleasant and minimal as is practicable.
Indeed, after the first 10 programs were converted to use pledge, it
became very obvious what would happen next:
"priv-drop everything"
The firs
a program. Do everything
possible
in it to the fullest extent feasible and get an entire log of the
trace. OpenBSD can do tracing:
2) Write a program that scans for all system calls in the trace,
suggesting what pledge promises to use. See:
https://man.openbsd.org/pledge.2
I call this idea &
everything possible
> in it to the fullest extent feasible and get an entire log of the
> trace. OpenBSD can do tracing:
> 2) Write a program that scans for all system calls in the trace,
> suggesting what pledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
&
Theo de Raadt wrote in
<93466.1685743...@cvs.openbsd.org>:
|We will wait for the demo.
...
|Leah Rowe wrote:
...
|> Yeah I was kinda thinking, just have it be a tool to *assist* but not
|> to automatically pledge the program itself. It wouldn't replace
|> human-performed auditing or analys
We will wait for the demo.
Leah Rowe wrote:
> Hi Theo,
>
> On Fri, 02 Jun 2023 11:03:40 -0600
> "Theo de Raadt" wrote:
>
> > Additionally the two outcomes of this will be:
> >
> > 1. Don't call pledge in the program.
> >
> > 2. Use pledge("audio bpf chown cpath disklabel dns dpath drm erro
Hi Theo,
On Fri, 02 Jun 2023 11:03:40 -0600
"Theo de Raadt" wrote:
> Additionally the two outcomes of this will be:
>
> 1. Don't call pledge in the program.
>
> 2. Use pledge("audio bpf chown cpath disklabel dns dpath drm error
> exec fattr flock getpw id inet mcast pf proc prot_exec ps recv
> suggesting what pledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
> I call this idea "autopledge".
Additionally the two outcomes of this will be:
1. Don't call pledge in the program.
2. Use pledge("audio bpf chown cpath disklabel dns
ledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
> I call this idea "autopledge".
>
> PS:
>
> I initially proposed this on IRC, but I was told that the IRC channel
> is mostly for user support, so I thought it best to discuss here.
>
> --
> Leah Rowe
am that scans for all system calls in the trace,
> suggesting what pledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
> I call this idea "autopledge".
>
> PS:
>
> I initially proposed this on IRC, but I was told that the IRC channel
> is mos
this idea "autopledge".
PS:
I initially proposed this on IRC, but I was told that the IRC channel
is mostly for user support, so I thought it best to discuss here.
--
Leah Rowe
12 matches
Mail list logo
