by Panino 2995 days ago
Busy upgrading machines now, lots of nice new things.

Looking forward to checking out the new execpromises in pledge. I use pledge in all my C stuff and have added it to a few other apps. Thanks OpenBSD devs!

3 comments

I just wish other systems would adopt pledge.

Of all the privilege dropping mechanisms I have encountered, pledge seemed the most comprehensible.

> Looking forward to checking out the new execpromises in pledge

Interesting that they just changed the interface from `int pledge(const char * promises, const char * paths[]);` to `int pledge(const char * promises, const char * execpromises);`. I guess that is the power they have by being a BSD and integrated system; they do not worry about userland compatibility.

The pledge(2) manpage for 6.2 and earlier states:

"BUGS. The path whitelist feature is not available at this time."

So the second argument was previously unused, and thus could be repurposed without hurting backwards compatibility.

zokier's point is still correct though. OpenBSD is a complete system, kernel + userland. You upgrade in lockstep.
What type of machines do you run OpenBSD on, out of curiosity? Routers, workstations, web servers, embedded devices?
Routers, workstations, servers (DNS, web, mail, backup).