In pledge, presumably there will be an accessible paths list. Maybe you grant a process root access, and you need to read a file which is only granted by root access, and you need write access for another file, so the pledge permissions reflect that. On the presumed current path, you would leave write access for the first file and maybe you don't need the process to have read permissions on an execl() program. You can prohibit your process from reading your software or binary, even if it may have permissions to do so.
On Sat, Sep 3, 2016, 02:34 ludovic coues <cou...@gmail.com> wrote: > What is the use case ? > > 2016-09-03 4:15 GMT+02:00 Luke Small <lukensm...@gmail.com>: > > wouldn't it be more secure to have a write, read, and execute capable > paths > > lists in pledge() > > > > > > -- > > Cordialement, Coues Ludovic > +336 148 743 42