
> One of the things I feel OpenBSD has gotten right with pledge and unveil is the placement of responsibility. It's the developers who know and understand the code the best, so they are the most qualified to lock down the code.

Most qualified, certainly. But if all application developers were responsible, we wouldn't need security mechanisms in the first place. I may be misunderstanding how pledge works, but it seems to be actually a very poor security mechanism, since you could just write software which... doesn't pledge to only use certain capabilities. It seems like a great bug prevention mechanism, but not so much for security.



> But if all application developers were responsible, we wouldn't need security mechanisms in the first place.

That's not true. I mean if developers could be infallibly perfect always, then yes we wouldn't need this kind of security mechanism.

But acknowledging that code always has bugs, it's a nice additional layer of protection. If someone comes up with a code injection bug and tries to use it to run attack code that gets blocked by a previous pledge, that's an improvement.



