On Fri, Jun 02, 2023 at 04:24:31PM +0100, Leah Rowe wrote:
>
> Hi everyone,
>
> I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> wondering what other people think of it? The idea is, thus:
>
> 1) Do execution tracing and just run a program. Do everything possible
> in it to the fullest extent feasible and get an entire log of the
> trace. OpenBSD can do tracing:

<snip>

> 2) Write a program that scans for all system calls in the trace,
> suggesting what pledge promises to use. See:
>
> https://man.openbsd.org/pledge.2
>
> I call this idea "autopledge".

<snip>
OpenBSD once had a tool like this as part of its systrace sandboxing
facility, in the form of the -A option argument:

    -A  Automatically generate a policy that allows every operation
        the application executes. The created policy functions as a
        base that can be refined.

See https://man.openbsd.org/OpenBSD-5.9/systrace.1#A

OpenBSD has already been down this road. It turned out that not only
was the notion, "if we just made it easier to autogenerate a sandbox
configuration, more people would use it", wrong--more people did
not--it was based on faulty premises.

This real-world experience is what led to pledge and unveil, and why
you'll find little interest in a tool predicated on reducing the need
for a piece of software to be thoughtfully and deliberately refactored.
Rather, the point of pledge and unveil is to make that deliberate
refactoring as pleasant and minimal as is practicable.
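To make concrete what step 2 of the quoted "autopledge" idea would have to do, here is an added sketch (not code from this thread, from OpenBSD, or from systrace) that scans trace lines modelled on kdump(1) output and suggests pledge(2) promises. The syscall-to-promise table is a hand-picked subset and an assumption, and the sample trace is constructed; the point it illustrates is that `open` and `connect` cannot be mapped from the syscall name alone, and `ioctl` has to be handed back to a human, which is exactly the refinement step the reply says cannot be automated away.

```python
import re

# Assumption: a hand-picked excerpt of the syscall -> pledge(2) promise
# relationship, not the authoritative table from the kernel or man page.
DIRECT = {
    "read": "stdio", "write": "stdio", "close": "stdio", "fstat": "stdio",
    "mmap": "stdio", "exit": "stdio", "getpid": "stdio",
    "stat": "rpath", "readlink": "rpath", "access": "rpath",
    "mkdir": "cpath", "unlink": "cpath", "rename": "cpath",
    "fork": "proc", "kill": "proc", "execve": "exec",
}
FAMILY = {"PF_INET": "inet", "PF_INET6": "inet", "PF_UNIX": "unix", "PF_LOCAL": "unix"}
CALL_RE = re.compile(r"\bCALL\s+(\w+)\((.*)\)\s*$")

# Constructed lines approximating kdump(1) output (one process, pid 41234).
SAMPLE_TRACE = """\
 41234 demo     CALL  open(0x7f7fffffd5a0,0x10000<O_RDONLY|O_CLOEXEC>)
 41234 demo     RET   open 3
 41234 demo     CALL  read(0x3,0x1d5e8f6c000,0x2000)
 41234 demo     CALL  open(0x7f7fffffd5a0,0x601<O_WRONLY|O_CREAT|O_TRUNC>)
 41234 demo     CALL  socket(PF_INET,0x1<SOCK_STREAM>,0x6)
 41234 demo     CALL  connect(0x4,0x7f7fffffd300,0x10)
 41234 demo     CALL  ioctl(0x1,TIOCGETA,0x7f7fffffd3c0)
""".splitlines()

def suggest_promises(trace_lines):
    """Return (sorted promise list, calls that need a human decision)."""
    promises, review, families = set(), [], set()
    for line in trace_lines:
        m = CALL_RE.search(line)
        if not m:
            continue  # RET/NAMI lines carry no syscall name
        name, args = m.groups()
        if name in DIRECT:
            promises.add(DIRECT[name])
        elif name == "open":  # the flags decide, not the syscall name
            if "O_WRONLY" not in args:
                promises.add("rpath")          # O_RDONLY or O_RDWR
            if "O_WRONLY" in args or "O_RDWR" in args:
                promises.add("wpath")
            if "O_CREAT" in args:
                promises.add("cpath")
        elif name == "socket":
            fam = FAMILY.get(args.split(",")[0])
            if fam:
                families.add(fam); promises.add(fam)
            else:
                review.append(f"{name}({args})")
        elif name in ("connect", "bind", "accept") and len(families) == 1:
            promises.add(next(iter(families)))  # resolved via socket family
        else:
            review.append(f"{name}({args})")  # ioctl, unknown family, etc.
    return sorted(promises), review

if __name__ == "__main__":
    promises, review = suggest_promises(SAMPLE_TRACE)
    print("suggested pledge:", " ".join(promises))
    print("needs review:", review)
```

Even on this toy trace the output is only a base: the promises cover the paths that were exercised, and every `ioctl` still needs a decision about whether a promise such as "tty" is the right one.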