On 2016/04/10 20:50, Nicholas Marriott wrote:
> Hi
>
> What's the use for this? What program could use it?
>
> On Sun, Apr 10, 2016 at 08:48:08AM -0700, Brennan Vincent wrote:
> > Subject basically says it all. I think some could find it useful to have
> > `pledge` promises optionally persist even after the process calls
> > execve. This could, for example, be implemented with an `exec_noreset`
> > pledge that gives access to the same syscalls as `exec`, but with this
> > restricted behavior.
> >
> > Is there a good technical reason this can't or shouldn't be done, or
> > has it simply not been implemented yet?

It doesn't seem like something that would be widely usable - a big part of how pledge is designed is based around the fact that programs typically need a higher level of access during startup (to open files, persistent sockets, etc) and can then be ratcheted down to a very small set of system calls after init is done. I don't think there's a technical reason why it couldn't be done, but it would add complexity in a security-sensitive area so it's unlikely to happen without a number of real-world use cases.
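
The startup-then-ratchet pattern described in the reply above, as an added example that is not part of the original thread: the process holds `rpath` only long enough to open its input, then drops to `stdio` before touching the data. The function name `count_bytes_ratcheted` and the no-op `pledge` stub used when building on systems other than OpenBSD are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: no-op stand-in so the example builds where pledge(2) is absent. */
static int pledge(const char *promises, const char *execpromises)
{
    (void)promises; (void)execpromises;
    return 0;
}
#endif

/* Count the bytes in `path`; returns -1 on any error.
 * Phase 1 (init): "stdio rpath" lets us open the file read-only.
 * Phase 2 (steady state): "stdio" only; the already-open descriptor
 * still works, but no new files can be opened. */
long count_bytes_ratcheted(const char *path)
{
    char buf[4096];
    long total = 0;
    ssize_t n;
    int fd;

    if (pledge("stdio rpath", NULL) == -1)
        return -1;
    if ((fd = open(path, O_RDONLY)) == -1)
        return -1;

    /* Ratchet down before processing untrusted data. */
    if (pledge("stdio", NULL) == -1) {
        close(fd);
        return -1;
    }
    while ((n = read(fd, buf, sizeof(buf))) > 0)
        total += n;
    close(fd);
    return n == -1 ? -1 : total;
}

int main(int argc, char **argv)
{
    long n = count_bytes_ratcheted(argc > 1 ? argv[1] : "/dev/null");
    printf("%ld\n", n);
    return n == -1;
}
```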
