As noted in a previous story , the new pledge(2) privilege restriction syscall (formerly known as) has been inserted into large swathes of the base system. Theo de Raadt (deraadt@) asked tech readers to look closely for any failures:

I'd like if everyone looks in their dmesg logs for pledge errors. But please don't immediately mail a report! Instead, look for if someone else reports an error in the same command. If noone else does within 24 hours, then please inform tech@, or myself and semarie@

We're doing the best we can to test every usage case of the programs we modify, but there are going to be some glitches, hopefully all found & fixed quickly.

Thanks.

Oh and what has pledge become? A very simple annotation system call a program can do, to tell the kernel what it will do henceforth. If it breaks the rules, it gets killed (and you see those pledge messages). It's a new kind of security system, just wait and see... :)