On Wed Feb 11, 2026 at 5:32 PM UTC, Benjamin Lee McQueen wrote:
> hello tech@
>
> i've brought this up on misc@ and the consensus seemed to be that nobody
>
> discourages trivially pledging arch(1), but is not needed or a priority.
>
> here is the diff either way:
>
> --- arch.c.orig 2026-02-11 17:25:20.407984208 +0000
> +++ arch.c      2026-02-11 17:27:02.503983152 +0000
> @@ -28,6 +28,7 @@
>   #include <stdio.h>
>   #include <stdlib.h>
>   #include <string.h>
> +#include <err.h>
>   #include <unistd.h>
>
>   static void __dead usage(void);
> @@ -68,6 +69,9 @@
>          if (optind != argc)
>                  usage();
>
> +       if (pledge("stdio, NULL") == -1)
> +               err(1, pledge);
> +
>          printf("%s%s\n", short_form ? "" : "OpenBSD.", arch);
>          return (0);
>   }

Hi Benjamin,

I'm not sure how warranted it is, though personally I feel it's not a
bad idea, though the attack surface here is... rather small.

However, I would definitely pledge before argument parsing and not after,
if it's to be done at all.

-Henrich

PS: I feel you may have not caught onto some sarcasm earlier in the
thread ;).