Got it. Thanks for the explanation.

On Sun, Apr 10, 2016, at 01:36 PM, Stuart Henderson wrote:
> On 2016/04/10 20:50, Nicholas Marriott wrote:
> > Hi
> > 
> > What's the use for this? What program could use it?
> > 
> > On Sun, Apr 10, 2016 at 08:48:08AM -0700, Brennan Vincent wrote:
> > > Subject basically says it all. I think some could find it useful to have
> > > `pledge` promises optionally persist even after the process calls
> > > execve. This could, for example, be implemented with an `exec_noreset`
> > > pledge that gives access to the same syscalls as `exec`, but with this
> > > restricted behavior.
> > > 
> > > Is there a good technical reason this can't or shouldn't be done, or
> > > has it simply not been implemented yet?
> 
> It doesn't seem like something that would be widely usable - a big
> part of how pledge is designed is based around the fact that programs
> typically need a higher level of access during startup (to open files,
> persistent sockets, etc) and can then be ratcheted down to a very small
> set of system calls after init is done.
> 
> I don't think there's a technical reason why it couldn't be done,
> but it would add complexity in a security-sensitive area so it's
> unlikely to happen without a number of real-world use cases.
> 
