But why should it do pledge?

Should it do unveil also?

How about attempting to chroot in case it is run by root?

Benjamin Lee McQueen <mcq@disroot.org> wrote:

> hello tech@
> 
> i've brought this up on misc@ and the consensus seemed to be that nobody
> 
> discourages trivially pledging arch(1), but is not needed or a priority.
> 
> here is the diff either way:
> 
> --- arch.c.orig 2026-02-11 17:25:20.407984208 +0000
> +++ arch.c      2026-02-11 17:27:02.503983152 +0000
> @@ -28,6 +28,7 @@
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> +#include <err.h>
>  #include <unistd.h>
> 
>  static void __dead usage(void);
> @@ -68,6 +69,9 @@
>         if (optind != argc)
>                 usage();
> 
> +       if (pledge("stdio, NULL") == -1)
> +               err(1, pledge);
> +
>         printf("%s%s\n", short_form ? "" : "OpenBSD.", arch);
>         return (0);
>  }
>