On Fri, Jun 02, 2023 at 04:24:31PM +0100, Leah Rowe wrote:
> 
> Hi everyone,
> 
> I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> wondering what other people think of it? The idea is, thus:
> 
> 1) Do execution tracing and just run a program. Do everything possible
> in it to the fullest extent feasible and get an entire log of the
> trace. OpenBSD can do tracing:
> 
> https://man.openbsd.org/dt
> 
> https://man.openbsd.org/btrace
> 
> https://blog.lambda.cx/posts/openbsd-dynamic-tracing/
> 
> 2) Write a program that scans for all system calls in the trace,
> suggesting what pledge promises to use. See:
> 
> https://man.openbsd.org/pledge.2
> 
> I call this idea "autopledge".
> 
> PS:
> 
> I initially proposed this on IRC, but I was told that the IRC channel
> is mostly for user support, so I thought it best to discuss here.

Your problem is: "Do everything possible in it to the fullest extent
feasible". Even in simple programs, hitting every code path (especially all
those error paths that like to do dumb things) is very time consuming and
tricky. So whatever you come up with will result in random pledge aborts
because you missed something.

Also pledge requires the developer to think ahead and write the code in a
way that allows large parts of the code to run with tight pledge promises.

The idea of an automatic sandbox for things only works if your sandbox is
the size of the Sahara. This is why things like landlock are such a great
success.

-- 
:wq Claudio
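
The trace-scanning step proposed in the quoted message, together with the coverage gap the reply describes, as an added example that is not part of the original thread. The syscall-to-promise table is a small simplified subset of pledge(2), and the one-call-per-record trace format and both sample traces are constructed for illustration, not btrace output.

```python
import re

# Partial, simplified mapping for syscalls whose promise does not depend on
# their arguments. pledge(2) has the authoritative lists.
FIXED = {
    "read": "stdio", "write": "stdio", "close": "stdio", "mmap": "stdio",
    "unlink": "cpath", "mkdir": "cpath", "rename": "cpath",
    "fork": "proc", "execve": "exec",
}
OPEN_FLAGS = {"O_RDONLY": "rpath", "O_WRONLY": "wpath", "O_CREAT": "cpath"}

def promises_for(record):
    # Return the set of promises one trace record needs.
    m = re.match(r"(\w+)\((.*)\)", record.strip())
    if not m:
        return set()
    name, args = m.groups()
    if name == "open":
        # The promise for open(2) depends on its flags, not just its name.
        need = {p for flag, p in OPEN_FLAGS.items() if flag in args}
        if "O_RDWR" in args:
            need |= {"rpath", "wpath"}
        return need
    if name == "socket":
        # Only AF_UNIX and AF_INET/AF_INET6 are distinguished here.
        return {"unix"} if "AF_UNIX" in args else {"inet"}
    # Unmapped syscalls are reported as "?name" instead of silently dropped.
    return {FIXED.get(name, "?" + name)}

def suggest(trace):
    # Union of the promises needed by every record in the trace.
    return set().union(*(promises_for(r) for r in trace))

def missed(trained, observed):
    # Promises the observed run needs that the training trace never showed.
    return suggest(observed) - suggest(trained)

# Constructed trace of a normal test run.
TEST_RUN = ['open("/etc/app.conf", O_RDONLY)', "read(3, 512)",
            "close(3)", "write(1, 42)"]
# Constructed later run: an error path the test run never exercised.
ERROR_RUN = TEST_RUN + ['open("/var/log/app.err", O_WRONLY|O_CREAT)',
                        "write(4, 80)", "close(4)"]

if __name__ == "__main__":
    print("suggested:", " ".join(sorted(suggest(TEST_RUN))))
    print("missed on error path:", " ".join(sorted(missed(TEST_RUN, ERROR_RUN))))
```

A program pledged with only the promises suggested from the test run would be killed on the first `open` in the error path, which is the abort the reply warns about.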
