On 2 Jun 2023, at 20:35, William Ahern wrote:

> On Fri, Jun 02, 2023 at 04:24:31PM +0100, Leah Rowe wrote:
>
> > Hi everyone,
> >
> > I had an interesting idea for OpenBSD. Haven't tried it yet. I'm
> > wondering what other people think of it? The idea is, thus:
> >
> > 1) Do execution tracing and just run a program. Do everything possible
> > in it to the fullest extent feasible and get an entire log of the
> > trace. OpenBSD can do tracing:
> >
> > <snip>
> >
> > 2) Write a program that scans for all system calls in the trace,
> > suggesting what pledge promises to use. See:
> > https://man.openbsd.org/pledge.2
> >
> > I call this idea "autopledge".
> >
> > <snip>
>
> OpenBSD once had a tool like this as part of its systrace sandboxing
> facility, in the form of the -A option argument:
>
>     -A  Automatically generate a policy that allows every operation the
>         application executes. The created policy functions as a base that
>         can be refined.
>
> See https://man.openbsd.org/OpenBSD-5.9/systrace.1#A
>
> OpenBSD has already been down this road. It turned out that not only was
> the notion, "if we just made it easier to autogenerate a sandbox
> configuration, more people would use it", wrong--more people did not--it
> was based on faulty premises. This real-world experience is what led to
> pledge and unveil, and why you'll find little interest in a tool
> predicated on reducing the need for a piece of software to be
> thoughtfully and deliberately refactored. Rather, the point of pledge and
> unveil is to make that deliberate refactoring as pleasant and minimal as
> is practicable.

This is an excellent, well-stated and helpful answer. Thanks.
--
devin
learn more about me & support my work:
https://www.patreon.com/trianglemutualaid
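As an added illustration of the "autopledge" idea sketched in Leah's message (example code written for this page, not code from anyone in the thread), the script below takes kdump(1)-style trace text, picks out the CALL lines, and maps each system call onto the pledge(2) promise that would cover it. The sample trace lines are constructed and the mapping table is a simplified reading of pledge.2, so both are assumptions; the script also returns every syscall it could not classify, which is where the limitation William describes shows up in practice: a trace covers only the code paths that one run happened to exercise, and the output says nothing about which promises the program ought to need after it has been restructured.

```python
import re

# Promise names in the order they conventionally appear in a pledge() call.
PROMISE_ORDER = ["stdio", "rpath", "wpath", "cpath", "inet", "unix", "dns", "proc", "exec"]

# Assumed, simplified syscall -> promise table distilled from pledge.2.
# open(2) and socket(2) are handled separately because the promise depends on
# their arguments (open flags, socket domain), not just on the syscall name.
SIMPLE_MAP = {
    "read": "stdio", "write": "stdio", "close": "stdio", "fstat": "stdio",
    "mmap": "stdio", "munmap": "stdio", "exit": "stdio", "getpid": "stdio",
    "stat": "rpath", "lstat": "rpath", "readlink": "rpath", "access": "rpath",
    "mkdir": "cpath", "unlink": "cpath", "rename": "cpath", "rmdir": "cpath",
    "symlink": "cpath", "link": "cpath",
    "fork": "proc", "vfork": "proc", "kill": "proc",
    "execve": "exec",
}

# Operations on an already-created socket: covered by whichever promise the
# earlier socket(2) call required, so they add nothing on their own.
SOCKET_OPS = {"connect", "bind", "listen", "accept", "sendto", "recvfrom"}

# Matches a kdump CALL line: "<pid> <comm> CALL <name>(<args>)".
CALL_RE = re.compile(r"^\s*\d+\s+\S+\s+CALL\s+(\w+)\((.*)\)\s*$")

# Constructed trace (not real kdump output) for a program that reads one file,
# writes a new one, opens a TCP connection and forks.
SAMPLE_TRACE = """\
 12345 demo     CALL  open(0x7f7fffff0000,0x10000<O_RDONLY|O_CLOEXEC>)
 12345 demo     NAMI  "/etc/hosts"
 12345 demo     RET   open 3
 12345 demo     CALL  read(0x3,0x7f7fffff1000,0x1000)
 12345 demo     RET   read 42/0x2a
 12345 demo     CALL  close(0x3)
 12345 demo     RET   close 0
 12345 demo     CALL  open(0x7f7fffff2000,0x601<O_WRONLY|O_CREAT|O_TRUNC>,0644)
 12345 demo     NAMI  "/tmp/out"
 12345 demo     RET   open 4
 12345 demo     CALL  write(0x4,0x7f7fffff1000,0x2a)
 12345 demo     RET   write 42/0x2a
 12345 demo     CALL  socket(PF_INET,0x1<SOCK_STREAM>,0)
 12345 demo     RET   socket 5
 12345 demo     CALL  connect(0x5,0x7f7fffff3000,0x10)
 12345 demo     RET   connect 0
 12345 demo     CALL  fork()
 12345 demo     RET   fork 12346/0x303a
 12345 demo     CALL  exit(0)
"""


def parse_calls(trace_text):
    """Return [(syscall_name, raw_args)] for every CALL line; other lines are ignored."""
    calls = []
    for line in trace_text.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls.append((m.group(1), m.group(2)))
    return calls


def open_promises(args):
    """Promises needed by one open(2), judged from the decoded flags in <...>."""
    m = re.search(r"<([A-Z_|]+)>", args)
    flags = set(m.group(1).split("|")) if m else set()
    needed = set()
    if "O_RDWR" in flags:
        needed.update({"rpath", "wpath"})
    elif "O_WRONLY" in flags:
        needed.add("wpath")
    else:
        needed.add("rpath")      # O_RDONLY is 0, so it may not be printed at all
    if "O_CREAT" in flags:
        needed.add("cpath")      # creating a path needs cpath on top of wpath
    return needed


def socket_promises(args):
    """Promise needed by one socket(2), judged from its domain argument."""
    domain = args.split(",")[0].strip()
    if domain in ("PF_INET", "PF_INET6", "AF_INET", "AF_INET6"):
        return {"inet"}
    if domain in ("PF_UNIX", "PF_LOCAL", "AF_UNIX", "AF_LOCAL"):
        return {"unix"}
    return set()


def suggest_promises(trace_text):
    """Return (ordered promise list, sorted list of syscalls the table did not cover)."""
    needed = {"stdio"}  # assumed baseline: nearly every program needs stdio
    unknown = set()
    for name, args in parse_calls(trace_text):
        if name == "open":
            needed |= open_promises(args)
        elif name == "socket":
            needed |= socket_promises(args)
        elif name in SIMPLE_MAP:
            needed.add(SIMPLE_MAP[name])
        elif name not in SOCKET_OPS:
            unknown.add(name)    # no suggestion possible; the trace alone cannot tell
    return [p for p in PROMISE_ORDER if p in needed], sorted(unknown)


def pledge_call(promises):
    """Render the suggestion as the C call a developer would paste in."""
    return 'pledge("%s", NULL)' % " ".join(promises)


if __name__ == "__main__":
    promises, unknown = suggest_promises(SAMPLE_TRACE)
    print(pledge_call(promises))
    if unknown:
        print("unclassified syscalls:", ", ".join(unknown))
```

Run against the constructed trace it prints `pledge("stdio rpath wpath cpath inet proc", NULL)`. The single `pledge()` line is exactly what the thread warns about: a real program would call pledge (and unveil) in stages, dropping rpath and cpath after its files are open and proc after it has forked, and no trace can decide where those stage boundaries belong.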