On 260210-072547, Stuart Henderson wrote:
arch(1) could be pledged trivially. yes(1) has about the same complexity
as arch and is already pledged, so maybe that makes sense.

On 260210-074856, Janne Johansson wrote:
How do you envision someone misusing "arch" to be able to create a malicious effect they already can't produce?

Thank you both for your messages.

I understand the concern about the threat model, as arch(1) executes so
briefly that realistic exploit scenarios are very minimal.
On the other hand, yes(1) can be justified to be pledged because
it executes much longer.  But they are of similar complexity.

Is the usual approach to pledge everything that CAN be pledged,
or to focus on programs with a clear attack surface?

If the former is true, I can provide a diff for arch to be pledged
and send it to tech@.
