Den tors 5 mars 2026 kl 23:49 skrev tetrosalame <[email protected]>: > > On Thu, Mar 05, 2026 at 06:47:45PM +0000, Crystal Kolipe wrote: > > On Thu, Mar 05, 2026 at 10:21:58AM +0100, tetrosalame wrote: > > > BTW, i failed to find an in-tree .c file where execpromises weren't > > > set to NULL: is that idiom somehow discouraged? > > > > https://marc.info/?l=openbsd-bugs&m=158378079011968 > > Thank you, much appreciated.
In the base system, ldd actually uses execpromises when "half-running" a binary to see which shared libraries it will pull in at start, to prevent the examined binary from doing weird stuff, but apart from that, having it carry over is as mentioned in the link above not the good idea people think it is. In your perl case, if it does try to have a set of pledges for itself, plus the pledges it wants to have carried over, it would probably become a too-wide list, either for the called program or the callee. This is mostly what happens when you look at apparmor and similar "just list the things this program might need" for any program that has plugins or that in turn can exec other programs. If the list needs to be inherited, that list will basically need to cover the sum of all possibly things any plugin ever would do, or the things the exec'd program ever might do, so it becomes a very low fence in the end. See https://cvsweb.openbsd.org/diff/src/libexec/ld.so/ldd/ldd.c,v?rev=1.24&prev=1.23 -- May the most significant bit of your life be positive.
