CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/30 10:18:10
Modified files:
lib/libc/sys : pledge.2
Log message:
Yet another AI assisted report has triggered on the belief that
kill(2) against 0 (for pgrp) should not be permitted by pledge "proc".
Nothing validates this premise. Blocking process group kills would
break substantial amounts of software in dangeous ways, as it creates
fragile invarient conditions. We previously tried to block this belief
with kern_pledge.c:1.357 by subtly adding "/pgrp" in a comment, but that
was not effective so try adding "kill(2) may still operate on the
process group with pid 0." to the manual page. This is annoying
because the pledge manual page usually describes what is blocked
(resulting in process killing) rather than specifically listing
what allowed.
Discussed with Ivan Arce