Hello fossil-dev,
I am working on a project where we want to use Fossil as the data
storage backend for a web application. The application is going to run
on OpenBSD and we want to take advantage of the security features in
OpenBSD as much as possible.

In this regard we want to reach out and ask your opinion about
adding calls to pledge() and later pledgepath() to the Fossil codebase
in order to provide better attack mitigation. In some cases it may be
necessary to reorder the current code in order to make the pledges more
effective. The OpenBSD developers refer to this as "hoisting", where code
that needs wider permissions is moved to the top of the program and,
after this code has run, pledge() reduces the set of allowed system calls.

Related to this is of course the question about platforms other than
OpenBSD. There are mechanisms like seccomp on Linux and capsicum on
FreeBSD that can be used to accomplish some of the things that are
provided by pledge on OpenBSD.

For our project we only care about OpenBSD, but it would be preferable
to have this stuff included in the main Fossil codebase. Maintaining it
as a local patch will most likely be too cumbersome.

What do you think? Is this desirable?
Best regards
Christian
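As an added illustration of the hoisting pattern described in the message above (example code written for this page; it is not Fossil's code and not from anyone on the thread): the work that needs broad permissions, here creating the repository file with O_CREAT, runs first under a wide pledge, and the promise set is then narrowed for the long-running service phase. The function names `hoisted_start`, `apply_pledge`, `append_record`, `pledged_promises`, the promise strings and the `/tmp` path are all assumptions for the demo. On non-OpenBSD hosts the wrapper only records the promises so the sequence can still be exercised; no sandboxing happens there.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Last promise string handed to pledge(), kept so the narrowing sequence can
 * be inspected (and so the example still runs on non-OpenBSD hosts). */
static char last_promises[128] = "(unpledged)";

const char *pledged_promises(void) { return last_promises; }

/* Thin wrapper around pledge(2). On OpenBSD the kernel enforces the promises
 * and a later violation kills the process with SIGABRT. Elsewhere this only
 * records the string: there is no enforcement on those hosts (assumption
 * made for this demo so it compiles and runs anywhere). */
int apply_pledge(const char *promises) {
    snprintf(last_promises, sizeof last_promises, "%s", promises);
#ifdef __OpenBSD__
    return pledge(promises, NULL);
#else
    return 0;
#endif
}

/* Hoisted startup: everything that needs wide permissions happens here,
 * before anything else. Creating the repository file needs "cpath";
 * nothing that runs afterwards does. Doing the pledge narrowing *before*
 * this open would, on OpenBSD, abort the process at the O_CREAT call. */
int hoisted_start(const char *repo_path, int *fd_out) {
    if (apply_pledge("stdio rpath wpath cpath flock") == -1)
        return -1;
    int fd = open(repo_path, O_RDWR | O_CREAT | O_APPEND, 0600);
    if (fd == -1)
        return -1;
    /* Narrow the pledge for the service phase: the process keeps read and
     * write on descriptors it already holds, but can no longer create,
     * rename or unlink files, and has no network promises at all. */
    if (apply_pledge("stdio rpath wpath flock") == -1) {
        close(fd);
        return -1;
    }
    *fd_out = fd;
    return 0;
}

/* Service phase: uses only what the narrowed pledge still allows
 * (write on an already-open descriptor). Returns bytes written or -1. */
ssize_t append_record(int fd, const char *rec) {
    return write(fd, rec, strlen(rec));
}

int main(void) {
    /* Constructed demo path; a real deployment would use the repository
     * path from configuration. The file is left in place on purpose:
     * unlink() needs "cpath", which the service phase no longer holds. */
    char path[64];
    snprintf(path, sizeof path, "/tmp/fossil_pledge_demo_%ld.db", (long)getpid());

    int fd;
    if (hoisted_start(path, &fd) == -1) {
        perror("hoisted_start");
        return 1;
    }
    printf("service phase pledged to: \"%s\"\n", pledged_promises());
    if (append_record(fd, "record written under the narrowed pledge\n") == -1) {
        perror("append_record");
        return 1;
    }
    close(fd);
    printf("repository left at %s\n", path);
    return 0;
}
```

The point of the ordering is visible in the two `apply_pledge` calls: the first promise set is wide enough for setup, the second is what the process lives with for the rest of its life. Anything that later tries to create or unlink a file, or open a socket, is a bug (or an exploit attempt) that the kernel turns into an immediate abort rather than a silent success.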
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev