> i understand the concern about threat model as arch(1) executes so
> briefly that realistic exploit scenarios are very minimal.

I don't think the security choice being done here is on the level of timing, but rather that it prints out static strings it got from an include file at compile time. It would always execute as the user that started it and as far as I can imagine, is not something you would setuid, or put in a sensitive chroot.

> on the other hand, yes(1) can be justified to be pledged because
> it executes much longer. but they are of similar complexity.

Perhaps it was found that arch falls into the last category of this old email
https://marc.info/?l=openbsd-tech&m=144764491931009&w=2
where some utilities are deemed so simple it's of no real use, like hostname.

But don't let me prevent you from sending what is a very trivial stdio pledge diff. If someone likes it, it would go in.

--
May the most significant bit of your life be positive.

