On 2021/03/16 16:05, Renaud Allard wrote: > This is a small patch to try to add a basic pledge() to exim. It also avoids > exim from calling some "inappropriate" ioctls. > This seems to run fine on my server, but I would like a wider testing and > bug reporting if possible.
To my eye the only really complex third-party program where pledge is mostly successful (though it still has problems at times) is chromium, and that's because it already has a strong privilege separation model that pledge is hooking into. Exim has a big monolothic process design and lots of optional features many of which pull in third party libraries which are complex themselves (and *also* will have to deal with the same pledge restrictions which again may vary in what functions they call depending on user config). Maybe it's fine for some limited use cases, but it feels that there's way too much in-scope for this to be a success for the general use case.
