On Tue Oct 22, 2024 at 6:46 PM CDT, nisp1953 wrote:
> On Tue, Oct 22, 2024 at 5:38 PM Geoff Steckel <g...@oat.com> wrote:
>>
>> Pretty much any program can access its current working directory.
>>
> If you try and share your desktop through Jitsi, pledge will shut down
> your web browser.

this is... not quite correct. if a program is built using pledges and violates
them, it would be killed. OpenBSD has other controls to stop video/audio
recording. modern browsers are a mess. it's a scenario where pledge/unveil are
excellent to have, but afaik in general it is far too late to start bolting them
onto the massive garbage pile that is a modern browser. it's been a while since
i've run openbsd as a desktop, so i'm not sure where the chromium/firefox ports
stand in regards to this.

>
>> I -believe- that go is a port which probably hasn't been sanitized
>> therefore wouldn't have pledge().
>>

golang is not part of the base system. You can use pledge/unveil from golang
programs, but the go cli tool doesn't use it.

>
> Thank you Geoff:
>  I looked over the Go Lang website and there isn't much on the
> security auditing of the packages.
> It looks like anyone can contribute a Go package.

people don't contribute golang modules; they write them, and then make them
available using a known URI pattern. github.com/user/repo refers to a GitHub
repository; rsc.io/quote means fetch some metadata from that URL, and then get
the code from where it points to (in this case, github.com/rsc/quote). as there
is no overarching package repository, there is no security audit possible for
third-party code.

as far as untrusted code goes, unlike rust, golang doesn't silently run
untrusted code during the build process, so there is at least that.

as has been hinted at, pledge/unveil are _tools_. they don't just bolt-on and
magic things into happening. the code has to be written to use them, and to work
within the constraints they provide.

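The go-import lookup described in the reply above (rsc.io/quote pointing at github.com/rsc/quote), as an added example that is not part of the original message: a simplified Go sketch that reads the meta tag from a constructed sample page and reports which repository an import path actually resolves to, the first thing to check when auditing a third-party module. `GoImport`, `resolveImport` and `samplePage` are names made up for this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// GoImport is one <meta name="go-import" content="prefix vcs repo"> record.
type GoImport struct{ Prefix, VCS, Repo string }

// Constructed sample of a page served for https://rsc.io/quote?go-get=1.
const samplePage = `<!DOCTYPE html>
<html><head>
<meta name="go-import" content="rsc.io/quote git https://github.com/rsc/quote">
</head><body>nothing to see</body></html>`

// resolveImport returns the first go-import record before </head> that
// covers importPath (exact match, or a match on a "/" boundary).
func resolveImport(importPath, page string) (GoImport, bool) {
	d := xml.NewDecoder(strings.NewReader(page))
	d.Strict = false // the input is HTML, not well-formed XML
	for {
		tok, err := d.RawToken()
		if err != nil {
			return GoImport{}, false // EOF or unparsable input
		}
		if end, ok := tok.(xml.EndElement); ok && strings.EqualFold(end.Name.Local, "head") {
			return GoImport{}, false // tags after </head> are not trusted
		}
		e, ok := tok.(xml.StartElement)
		if !ok || !strings.EqualFold(e.Name.Local, "meta") {
			continue
		}
		attr := map[string]string{}
		for _, a := range e.Attr {
			attr[strings.ToLower(a.Name.Local)] = a.Value
		}
		f := strings.Fields(attr["content"])
		if attr["name"] == "go-import" && len(f) == 3 && (importPath == f[0] || strings.HasPrefix(importPath, f[0]+"/")) {
			return GoImport{f[0], f[1], f[2]}, true
		}
	}
}

func main() {
	rec, ok := resolveImport("rsc.io/quote", samplePage)
	fmt.Println(ok, rec.VCS, rec.Repo) // where the code is really fetched from
}
```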