AFAIK, with pledge() a process can tell the kernel “I’m only going to use X, Y, Z features” (e.g. read, write from file system)
After the process has told this to the kernel, the process can then only do these things for its lifetime. You can pledge() again later, but you can only restrict your pledge, never expand it.
This is a nice feature because it limits the number of processes that can potentially be security liabilities even if they have bugs.
unveil() is a similar feature but for file system paths.
It’s a feature of SerenityOS (inspired/borrowed from OpenBSD), and not a feature of C/C++.
Try reading the article, it’s pretty easy to follow :)
It's not the broadest permissions from the parent, but the promises at the time of the fork. For example, you can set up the parent in such a way that you fork off early an unprivileged (or privileged) child that has a different set of promises from the parent.
If you have exec permission (pledge "exec") you can exec another program and it starts with a clean slate. It's about dropping privileges, so it's assumed you know what you're doing, and in the best case scenario the executed binary will pledge itself.
Pledge is not some external security feature but something that every program itself manages.
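The three rules discussed in this thread (a pledge can only shrink, a forked child keeps a snapshot of the promises at fork time, and exec starts a new image unpledged) as a small userspace model in C. This is an added illustration, not OpenBSD or SerenityOS kernel code; the `struct proc`, `model_pledge`, `model_fork` and `model_exec` names are hypothetical, and the real pledge(2) takes a string of promises exactly as modelled here.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>
#define MAX_PROMISES 16
#define PROMISE_LEN 16

/* Model of a process's pledge state (not the kernel's code): an unpledged
   process is unrestricted; once pledged, the promise set can only shrink. */
struct proc {
    bool pledged;
    int count;
    char promises[MAX_PROMISES][PROMISE_LEN];
};

static bool has_promise(const struct proc *p, const char *name) {
    for (int i = 0; i < p->count; i++)
        if (strcmp(p->promises[i], name) == 0) return true;
    return false;
}

/* Split a space-separated promise string ("stdio rpath") into a set. */
static void parse_promises(struct proc *out, const char *promises) {
    char buf[256];
    strncpy(buf, promises, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    out->count = 0;
    for (char *t = strtok(buf, " "); t && out->count < MAX_PROMISES; t = strtok(NULL, " ")) {
        strncpy(out->promises[out->count], t, PROMISE_LEN - 1);
        out->promises[out->count++][PROMISE_LEN - 1] = '\0';
    }
}

/* pledge(): 0 on success; -1 with errno = EPERM if the request would
   re-add a promise the process has already given up. */
int model_pledge(struct proc *p, const char *promises) {
    struct proc next = { .pledged = true };
    parse_promises(&next, promises);
    if (p->pledged)
        for (int i = 0; i < next.count; i++)
            if (!has_promise(p, next.promises[i])) { errno = EPERM; return -1; }
    *p = next;
    return 0;
}

/* fork(): the child inherits a snapshot of the parent's promises. */
struct proc model_fork(const struct proc *parent) { return *parent; }

/* exec(): needs the "exec" promise; the new program image starts unpledged. */
int model_exec(struct proc *p) {
    if (p->pledged && !has_promise(p, "exec")) { errno = EPERM; return -1; }
    p->pledged = false; p->count = 0;
    return 0;
}
```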