From: Florian Obser <florian@openbsd.org>
Subject: Re: trivial pledge for arch(1)
To: tech@openbsd.org
Date: Wed, 11 Feb 2026 19:33:04 +0100

It doesn't compile, can't get more secure than that.

(There is also a knf issue with the include and pledge(2) can be pulled
all the way to the top.)

On 2026-02-11 10:37 -07, "Theo de Raadt" <deraadt@openbsd.org> wrote:
> But why should it do pledge?
>
> Should it do unveil also?
>
> How about attempting to chroot in case it is run by root?
>
> Benjamin Lee McQueen <mcq@disroot.org> wrote:
>
>> hello tech@
>> 
>> i've brought this up on misc@ and the consensus seemed to be that nobody
>> 
>> discourages trivially pledging arch(1), but is not needed or a priority.
>> 
>> here is the diff either way:
>> 
>> --- arch.c.orig 2026-02-11 17:25:20.407984208 +0000
>> +++ arch.c      2026-02-11 17:27:02.503983152 +0000
>> @@ -28,6 +28,7 @@
>>  #include <stdio.h>
>>  #include <stdlib.h>
>>  #include <string.h>
>> +#include <err.h>
>>  #include <unistd.h>
>> 
>>  static void __dead usage(void);
>> @@ -68,6 +69,9 @@
>>         if (optind != argc)
>>                 usage();
>> 
>> +       if (pledge("stdio, NULL") == -1)
>> +               err(1, pledge);
>> +
>>         printf("%s%s\n", short_form ? "" : "OpenBSD.", arch);
>>         return (0);
>>  }
>> 
>

-- 
In my defence, I have been left unsupervised.