On Fri, Jun 02, 2023 at 04:24:31PM +0100, Leah Rowe wrote:
>
> Hi everyone,
>
> I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> wondering what other people think of it? The idea is, thus:
>
> 1) Do execution tracing and just run a program. Do everything possible
> in it to the fullest extent feasible and get an entire log of the
> trace. OpenBSD can do tracing:
<snip>
> 2) Write a program that scans for all system calls in the trace,
> suggesting what pledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
> I call this idea "autopledge".
<snip>
OpenBSD once had a tool like this as part of its systrace sandboxing
facility, in the form of the -A option argument:

     -A      Automatically generate a policy that allows every operation the
             application executes. The created policy functions as a base that
             can be refined.

See https://man.openbsd.org/OpenBSD-5.9/systrace.1#A

OpenBSD has already been down this road. It turned out that not only was the
notion, "if we just made it easier to autogenerate a sandbox configuration,
more people would use it", wrong--more people did not--it was based on
faulty premises. This real-world experience is what led to pledge and
unveil, and why you'll find little interest in a tool predicated on reducing
the need for a piece of software to be thoughtfully and deliberately
refactored. Rather, the point of pledge and unveil is to make that
deliberate refactoring as pleasant and minimal as is practicable.
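The quoted step 2 as a small prototype, added here as an example and not code from either message: it maps kdump CALL records to pledge(2) promises using a hand-transcribed, deliberately partial table, and the constructed sample trace surfaces the limits the reply is pointing at: open() needs its decoded flags rather than its name, and a call the run never exercised, or the table does not know (ioctl here), never becomes a promise.

```python
import re
# Partial syscall -> promise table, transcribed from pledge(2) for this example;
# incomplete by design, a real tool needs the kernel's full table.
SIMPLE = {
    "read": "stdio", "write": "stdio", "close": "stdio", "fstat": "stdio",
    "mmap": "stdio", "exit": "stdio", "stat": "rpath", "readlink": "rpath",
    "mkdir": "cpath", "unlink": "cpath", "rename": "cpath", "execve": "exec",
    "connect": "inet", "bind": "inet", "listen": "inet", "fork": "proc",
}
# kdump CALL records look like "  PID COMM  CALL  name(args)".
CALL_RE = re.compile(r"^\s*\d+\s+\S+\s+CALL\s+(\w+)\((.*)\)\s*$")

def promises_for(name, args):
    """Promises one traced call needs; empty set when the call is unknown."""
    if name == "open":  # depends on the decoded flags, not the syscall name
        need = {"cpath"} if "O_CREAT" in args else set()
        if "O_WRONLY" not in args:
            need.add("rpath")  # O_RDONLY or O_RDWR reads the file
        if "O_WRONLY" in args or "O_RDWR" in args:
            need.add("wpath")
        return need
    if name == "socket":
        return {"unix"} if "AF_UNIX" in args else {"inet"}
    return {SIMPLE[name]} if name in SIMPLE else set()

def suggest_promises(kdump_text):
    """Return (sorted promises, sorted unmapped syscall names) for a trace."""
    promises, unmapped = set(), set()
    for line in kdump_text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue  # NAMI/RET records add nothing the CALL did not
        name, args = m.groups()
        need = promises_for(name, args)
        promises |= need
        if not need:
            unmapped.add(name)  # surfaced for a human, never silently allowed
    return sorted(promises), sorted(unmapped)

# Constructed kdump-style excerpt, not a real capture.
SAMPLE = """\
 12345 demo     CALL  open(0x7f7ffffe1a2c,0<O_RDONLY>)
 12345 demo     NAMI  "/etc/hosts"
 12345 demo     CALL  read(3,0x1000,0x400)
 12345 demo     CALL  open(0x7f7ffffe1b00,0x601<O_WRONLY|O_CREAT|O_TRUNC>,0644)
 12345 demo     CALL  socket(AF_INET,SOCK_STREAM,0)
 12345 demo     CALL  connect(4,0x7f7ffffe1c00,16)
 12345 demo     CALL  ioctl(1,TIOCGETA,0x7f7ffffe1d00)
 12345 demo     CALL  exit(0)
"""
```

Running `suggest_promises(SAMPLE)` yields the promise list plus `ioctl` as unmapped; a trace from a run that skipped the network path would simply omit `inet`, which is the "only what was exercised" problem in miniature.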