Yeah....

So... May I ask what the purpose of your mail was?

Thomas

On 7/4/26 23:09, nibletz wrote:
I sent a previous mail to misc@ that was lighter or more focused on just the 
two bypasses to existing mitigations. I am using AI as my english is not so 
good and I find it helps me organize better.

What are the various inaccuracies?

On Friday, July 3rd, 2026 at 2:43 AM, David Leadbeater <[email protected]> wrote:

It is very hard to respond to such a long message including so many
points and various inaccuracies. You should try implementing your ideas
in smaller pieces and focus on real world cases (an actual exploit
rather than fragments of possibilities could help you make your point).

However one fundamental part not mentioned is pledge() has a promise
"prot_exec". Can ffmpeg or other programs using those libraries be
pledged with a set of promises that does not include "prot_exec"?

On Thu, Jul 02, 2026 at 02:27:32AM +0000, nibletz wrote:
[...]
5. Codec Library Information Leak Hardening and Ports-Wide Pledge Coverage
[...]
- Audit ports that process untrusted network or file input for pledge/unveil
   coverage, prioritizing media decoders, parsers, and network-facing daemons
Yes, please do help. By my count 1.4% of ports are currently pledged.
There are definitely more that could use it.

- Track pledge/unveil coverage as a documented property of each port, similar
   to how WANTLIB or other port metadata is tracked, so coverage gaps are
   visible rather than implicit
I spent some time making sure the pledge() comments in Makefiles are
(reasonably) accurate, while that could be improved it does mean the data is
available:

        find /usr/ports -name Makefile | xargs grep -li '^# uses pledge'

23. Sandboxed Multi-Process Architecture for Media Processing
[...]

This is something that is possible for the application to do itself and
obviously web browsers already do something like this (although in many
cases browsers have "prot_exec" because of JIT, there are likely
improvements that could be considered there too).

27. Implementation Priorities
[...]
6. Ports-Wide Pledge Coverage and Sandboxing (Items 5, 23)
I don't know how you decided that's sixth, when you say:
   - Addresses the structural gap that makes the rest of the chain possible

Reply via email to