---------- Forwarded message ----------
From: "Ingo Schwarze" <schwa...@usta.de>
Date: Nov 13, 2015 7:32 PM
Subject: Re: pledge() enhancement
To: "Luke Small" <lukensm...@gmail.com>
Cc: <b...@openbsd.org>

Hi Luke,

Luke Small wrote on Fri, Nov 13, 2015 at 06:01:37PM -0600:

> I didn't like how rmdir(2) managed to not work when there were contents to
> be deleted, so I wrote a function that would. Obviously leaving a function
> like this laying around is dangerous, especially in an application server.
> Can you put in pledge functionality that would reduce the ability to access
> locally accessible functions?

I see why you might sometimes wish to restrict the use of functions
you write yourself inside your program. However, that is not possible
with pledge(2), it's the wrong tool for the job.

Pledge is a kernel feature. When you call your own function in a
userland program, the kernel never sees the calls to that function,
so it can't do anything about it.

With pledge, it is not even possible to restrict the use of C library
functions that work without performing syscalls, for exactly the same
reason: Such calls never make it into the kernel, so the kernel cannot
intercept and deny them.

In case somebody wants to continue this discussion, please do so on the
misc@ mailing list, not on bugs@. There is no bug here.

Yours,
  Ingo
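The distinction Ingo draws, as an added example that is not part of the thread: a child process pledges "stdio" and then either calls a function that lives entirely in userland (your own code plus libc routines such as qsort(3) and strlen(3) that make no syscall), or makes a syscall the promise does not cover (mkdir(2)/rmdir(2), which need "cpath"). Only the second case ever reaches the kernel, so only the second child is aborted. The stand-in pledge() for non-OpenBSD systems, the /tmp path and the PLEDGE_ENFORCED macro are this example's own assumptions, added so it compiles and runs elsewhere; on such systems the kernel enforces nothing and both children exit normally.

```c
/*
 * Added example: what pledge(2) can and cannot restrict.
 * Not code from the mailing-list thread or from OpenBSD itself.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#ifdef __OpenBSD__
#define PLEDGE_ENFORCED 1
#else
#define PLEDGE_ENFORCED 0
/* Assumed stand-in so the example compiles off OpenBSD; it restricts nothing. */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
#endif

enum outcome { OUT_EXITED_OK, OUT_EXITED_ERR, OUT_KILLED, OUT_FORK_FAILED };

static int cmp_int(const void *a, const void *b)
{
	int x = *(const int *)a, y = *(const int *)b;
	return (x > y) - (x < y);
}

/* Entirely userland: your own code plus libc calls that never enter the kernel. */
static void userland_only(void)
{
	int v[] = { 5, 3, 9, 1 };
	qsort(v, sizeof v / sizeof v[0], sizeof v[0], cmp_int);
	if (v[0] != 1 || strlen("pledge") != 6)
		_exit(2);                 /* wrong answer; should not happen */
}

/* Syscalls that "stdio" does not cover: creating/removing a directory needs "cpath". */
static void uncovered_syscall(void)
{
	char path[64];
	snprintf(path, sizeof path, "/tmp/pledge-demo.%ld", (long)getpid()); /* assumed writable /tmp */
	if (mkdir(path, 0700) == -1)  /* on OpenBSD the kernel aborts the process here */
		_exit(3);
	if (rmdir(path) == -1)
		_exit(3);
}

/* Fork, pledge "stdio" in the child, run fn, and classify how the child ended. */
static enum outcome run_pledged(void (*fn)(void))
{
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return OUT_FORK_FAILED;
	if (pid == 0) {
		struct rlimit rl = { 0, 0 };
		setrlimit(RLIMIT_CORE, &rl); /* before pledge: keep a violation from dumping core */
		if (pledge("stdio", NULL) == -1)
			_exit(4);
		fn();
		_exit(0);
	}
	if (waitpid(pid, &status, 0) == -1)
		return OUT_FORK_FAILED;
	if (WIFSIGNALED(status))
		return OUT_KILLED;        /* pledge violation: SIGABRT delivered by the kernel */
	return WEXITSTATUS(status) == 0 ? OUT_EXITED_OK : OUT_EXITED_ERR;
}

static const char *describe(enum outcome o)
{
	switch (o) {
	case OUT_EXITED_OK:   return "exited normally";
	case OUT_EXITED_ERR:  return "exited with an error";
	case OUT_KILLED:      return "killed by the kernel";
	default:              return "could not run";
	}
}

int main(void)
{
	printf("pledge enforced on this system: %s\n", PLEDGE_ENFORCED ? "yes" : "no");
	printf("userland-only function under pledge(\"stdio\"): %s\n",
	    describe(run_pledged(userland_only)));
	printf("mkdir/rmdir under pledge(\"stdio\"):           %s\n",
	    describe(run_pledged(uncovered_syscall)));
	return 0;
}
```

Build with `cc -o pledge-demo pledge-demo.c`. On OpenBSD the first child exits normally and the second is killed by SIGABRT, which is the point of the reply: the pledge promise is checked at the syscall boundary, so it constrains what the recursive-delete helper can do (it needs "cpath" for its unlink(2)/rmdir(2) calls) but can never stop the program from calling the helper itself.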