Date:      Sat, 11 Jun 2016 10:31:25 -0600
From:      Alan Somers <asomers@freebsd.org>
To:        Domagoj Stolfa <domagoj.stolfa@gmail.com>, Wolfgang Zenker <wolfgang@lyxys.ka.sub.org>,  Florian Ermisch <florian.ermisch@alumni.tu-berlin.de>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: The OpenBSD pledge
Message-ID:  <CAOtMX2jtABfLSa9NjVTNdo3=WNhF2qJTqBMZqDGeT10uVD7j4w@mail.gmail.com>
In-Reply-To: <CABRKQr5XO=aJ60foH=kZ0MD8Ro0q6b=6n=pCYOAdAB1YsSs-+A@mail.gmail.com>
References:  <CABRKQr4U6-QKjcxWK_zV9TYBq-FFzuo4QxyRZ5Dcf9KxLjrypQ@mail.gmail.com> <20160611103834.GA75085@lyxys.ka.sub.org> <1F5A9247-7C98-483C-A4BD-4A3D54208B3D@alumni.tu-berlin.de> <CABRKQr7WheAHMRC04v90Rz68SFVBwapOn97bTiuPBy5x1ZaT=g@mail.gmail.com> <CABRKQr5XO=aJ60foH=kZ0MD8Ro0q6b=6n=pCYOAdAB1YsSs-+A@mail.gmail.com>

On Sat, Jun 11, 2016 at 5:32 AM, Domagoj Stolfa
<domagoj.stolfa@gmail.com> wrote:
> Yes, it would maybe make sense to do so. I am not too familiar with
> capsicum(4), but glancing over it, it might be possible. If anything, it
> would allow for code reuse from the OpenBSD ports and increased portability
> in the future. Maybe the people who have worked with capsicum(4) or have
> developed it could give some more insight on this.
>

I don't see how it would be possible.  Capsicum is all about file
descriptors.  When you call cap_enter(), you give up the ability to
access global namespaces.  For example, you can no longer open files
(except using openat(2) for files in a subdirectory of a directory
which is already opened).  OTOH, pledge is all about syscalls.  When
you pledge, you give up the ability to use certain syscalls,
regardless of what file descriptors they might involve.  So for
example, a program that uses pledge(2) to prohibit networking syscalls
can't simply replace pledge(2) with cap_enter(2), because it may need
to open files after pledging.

-Alan
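The file-descriptor-versus-syscall distinction Alan draws above, shown in code. This is an added example, not code from the thread or from FreeBSD: it pre-opens a directory, narrows that descriptor with cap_rights_limit(2), calls cap_enter(2) in a forked child (capability mode is irreversible for the process that enters it), and then shows that openat(2) relative to the pre-opened directory still works while open(2) on the absolute path of the same file is refused with ECAPMODE. The scratch directory under /tmp and the file name are constructed; the cap_* calls are FreeBSD-only and are compiled out elsewhere, in which case the ECAPMODE check is skipped and the rest of the program still runs.

```c
#define _GNU_SOURCE 1          /* mkdtemp(3) prototype on glibc; harmless on FreeBSD */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* 1 when this build can actually enter Capsicum capability mode. */
int capability_mode_available(void)
{
#ifdef __FreeBSD__
    return 1;
#else
    return 0;
#endif
}

/* Runs in a forked child so cap_enter() cannot affect the caller.
 * Returns 0 on success, a small positive code identifying the failing step. */
static int child_check(int dirfd, const char *fname, const char *abs_path)
{
    char buf[16];
    int fd;
    ssize_t n;
#ifdef __FreeBSD__
    cap_rights_t rights;
    /* Narrow the pre-opened directory to lookup + read before sandboxing. */
    cap_rights_init(&rights, CAP_LOOKUP, CAP_READ, CAP_SEEK);
    if (cap_rights_limit(dirfd, &rights) != 0)
        return 2;
    if (cap_enter() != 0)
        return 3;
#endif
    /* Relative lookup through an already-open directory fd still works. */
    fd = openat(dirfd, fname, O_RDONLY);
    if (fd < 0)
        return 4;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n != 5 || memcmp(buf, "hello", 5) != 0)
        return 5;
    /* Same file by absolute path: a global-namespace lookup. */
    fd = open(abs_path, O_RDONLY);
#ifdef __FreeBSD__
    if (fd >= 0) {
        close(fd);
        return 6;                  /* should have been refused */
    }
    if (errno != ECAPMODE)
        return 7;                  /* refused, but for the wrong reason */
#else
    if (fd >= 0)                   /* no capability mode here: open succeeds */
        close(fd);
#endif
    return 0;
}

/* Creates a constructed scratch dir + file, runs child_check(), cleans up. */
int run_demo(void)
{
    char dir[] = "/tmp/capsicum-demo.XXXXXX";   /* constructed scratch dir */
    const char *fname = "note.txt";             /* constructed file name */
    char abs_path[PATH_MAX];
    int dirfd, fd, status = 0, rc;
    pid_t pid;

    if (mkdtemp(dir) == NULL)
        return -1;
    dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -2;
    fd = openat(dirfd, fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "hello", 5) != 5)
        return -3;
    close(fd);
    snprintf(abs_path, sizeof abs_path, "%s/%s", dir, fname);

    pid = fork();
    if (pid < 0)
        return -4;
    if (pid == 0)
        _exit(child_check(dirfd, fname, abs_path));
    waitpid(pid, &status, 0);
    rc = WIFEXITED(status) ? WEXITSTATUS(status) : -5;

    /* The parent never entered capability mode, so path-based cleanup works. */
    unlinkat(dirfd, fname, 0);
    close(dirfd);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    printf("run_demo() = %d (%s)\n", rc, capability_mode_available()
           ? "ECAPMODE check performed" : "not FreeBSD, ECAPMODE check skipped");
    return rc == 0 ? 0 : 1;
}
```

The fork is the point worth copying: because cap_enter() is one-way, a process that still needs path-based work afterwards (here, removing the scratch directory) has to do that work in a process that never entered capability mode, which is exactly the constraint that makes a drop-in replacement for pledge(2) impractical.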
