We will wait for the demo.

Leah Rowe <i...@minifree.org> wrote:

> Hi Theo,
>
> On Fri, 02 Jun 2023 11:03:40 -0600
> "Theo de Raadt" <dera...@openbsd.org> wrote:
>
> > Additionally the two outcomes of this will be:
> >
> > 1. Don't call pledge in the program.
> >
> > 2. Use pledge("audio bpf chown cpath disklabel dns dpath drm error
> > exec fattr flock getpw id inet mcast pf proc prot_exec ps recvfd
> > route rpath sendfd settime stdio tape tmppath tty unix unveil video
> > vminfo vmm wpath wroute", NULL);
>
> Yeah I was kinda thinking, just have it be a tool to *assist* but not
> to automatically pledge the program itself. It wouldn't replace
> human-performed auditing or analysis.
>
> You'd run it just to get a basic gist of where you're going, for
> different code paths (which are affected by how you use the program).
>
> If you can trace from specific points in code it's more useful. So
> you'd run different tests depending on the program. It wouldn't
> substitute simply reading and understanding (possibly re-writing) parts
> of the code in a program, to pledge it.
>
> For really huge codebases it might be useful. For smaller code it
> wouldn't be as useful (can more easily just read all of the code).
>
> > We should write a program that looks at all conflict and finds a
> > simple solution for world peace.
>
> The point is well taken :)
>
> --
> Leah Rowe,
> Company Director,
> Minifree Ltd
>
> Registered in England, registration No. 9361826
> VAT Registration No. GB202190462
> Minifree Ltd, 19 Hilton Road, Canvey Island
> Essex SS8 9QA, United Kingdom
> United Kingdom