On Tue, Apr 4, 2017 at 4:34 AM, Ben Woolley <[email protected]> wrote:
> Hi Carsten,
>
> To be fair, their solution allows you to use pledge for source,
> and vmm for binary.
Despite the fact that vmm isn't an exact replacement, you make a fair point. Virtualization can be used for security, but it's more complex than a syscall filter or MAC and therefore more likely to have holes. I guess vmm makes sense since OpenBSD removed support for foreign executables and there won't be many OpenBSD closed-source applications anyway.

> One issue with binary is not *really* knowing what kind of access
> it should have, not just for security, but also for functionality.
> It kinda makes sense.

Which is another reason to have a cross-platform solution, so that projects can maintain a single profile for multiple platforms and therefore avoid putting too much of a burden on upstream developers. I think it's time to consolidate at least the config format, if not push for something like Capsicum. Compared to a complex filesystem like ZFS or Hammer, or even POSIX filesystems in general, writing a minimally viable syscall filter or MAC feature is approachable enough for many developers that there are many variants in Unixes and Linux.
