OpenBSD Journal

OpenBSD's pledge(2) and unveil(2) are developer-friendly, study finds

Contributed by Peter N. M. Hansteen on from the pledge+unveil for much goodness dept.

Academic studies of OpenBSD's features and their practical impact on security are somewhat rare, but we were pleasantly surprised to see the recent paper A Measurement Study on the Adoption of Pledges and Unveils in the OpenBSD Operating System, by Jukka Ruohonen, Krzysztof Sierszecki, Abhishek Tiwari (all at University of Southern Denmark).

The paper studies the adoption of the pledge(2) and unveil(2) in the OpenBSD base system and packages over time, and finds that the features provided actually seem to facilitate adoption of secure coding practices.

The paper's abstracts concludes,

All in all, the measurement results indicate that the adoption of system call minimization and sandboxing techniques is not necessarily as troublesome as has often been discussed in the literature.

The full text of the paper is available too, as PDF, HTML, or TeX source, for your advocacy use and pleasure.


Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]