Contributed by tj on 2015-11-16 from the cutting-pledge-of-development dept.

For those wondering about the ongoing integration progress of OpenBSD's pledge(2) subsystem, Theo de Raadt (deraadt@) has an informative update:

Our base system contains 600 ELF binaries, which are found in the directories /bin /sbin /usr/bin /usr/sbin and /usr/libexec. 368 have been converted to use pledge in some form -- generally the application of pledge is quite strong. This is that list:

[ ac acpidump addr2line apm apply apropos ar arp as at atq atrm awk b64decode b64encode banner basename batch bc bgpctl bgpd biff c++ c++filt cal cap_mkdb captoinfo cat cc chgrp chmod chown ci cksum clear clri cmp co col colrm column comm compress comsat config cp cpio cpp cron crontab crunchgen csh csplit ctags cu cut date dc dd deroff dev_mkdb df diff diff3prog dig dirname disklabel dmesg doas du dvmrpctl echo ed egrep eigrpctl eigrpd encrypt env ex expand expr fdisk fgen fgrep file find finger fingerd flex flex++ fmt fold from fsck_ext2fs fsck_ffs fsck_msdos fsdb fsirand fstat ftp ftpd fuser g++ gcc gencat getcap getent getopt getty grep group groupadd groupdel groupinfo groupmod groups gunzip gzcat gzip head help hexdump host htpasswd httpd id ident identd ikectl iked indent inetd info infocmp infokey infotocap install-info iscsictl join jot kdump kill ksh kvm_mkdb lam last lastcomm ld ldapctl ldapd ldconfig ldpctl ldpd leave less lesskey lex ln lndir locate locate.bigram locate.code lock lockspool logger login_activ login_crypto login_passwd login_reject login_skey login_snk login_tis login_token login_yubikey logname look ls m4 mailwrapper make makeinfo makewhatis makewhatis man mandoc md5 merge mesg mg mkdir mklocale mktemp more nc ncheck ncheck_ffs netgroup_mkdb nice nl nm nohup nologin nslookup ntpctl ntpd objcopy objdump od opencvs openssl ospf6ctl ospfctl ospfd otp-md5 otp-rmd160 otp-sha1 paste patch pax pflogd pgrep ping ping6 pkill portmap pr printenv printf ps pwd pwd_mkdb radiusctl radiusd radiusd_bsdauth radiusd_radius ranlib rarpd rcs rcsclean rcsdiff rcsmerge rdate readelf readlink rebound relayctl relayd renice reset rev ripctl rksh rlog rm rmdir rmt route route6d rpcgen rs rtadvd savecore scan_ffs scp script sdiff sed sendbug sftp sh sha1 sha256 sha512 signify size skey skeyaudit skeyinfo sleep slowcgi smtpctl smtpd snmpctl sort spamdb spellprog split sshd stat strings strip stty su syslogc syslogd systrace tail tar tcpbench tcpdump tee telnet 
test texindex tftp tftp-proxy tftpd tic time tmux top touch tput tr traceroute traceroute6 tradcpp tset tsort tty tunefs ul uname uncompress unexpand unifdef uniq units unvis uptime user useradd userdel userinfo usermod users uudecode uuencode vi view vipw vis w wall wc what whatis whereis which who whoami whois write x99token xargs yacc yes ypcat ypldap zcat zdump zegrep zfgrep zgrep zic zzz ZZZ

These are the programs which have not yet been pledged, but are plausible:

Mail a2p accton amd amq apmd atactl aucat audioctl authpf authpf-noip badsect bgplgsh bioctl calendar cdio chat chfn chio chpass chsh cvs dhclient dhcpd dhcrelay dump dumpfs dvmrpd edquota eject fdformat fsck ftp-proxy gcov gdb getconf gpioctl gprof growfs hostapd hotplugd ifconfig ifstated init installboot iostat ipcs ipsecctl isakmpd iscsid kbd keynote kgmon ldattach locale login login_chpass login_lchpass login_radius lpc lpf lpq lpr lprm lptest mail mail.local mailx makedbm makemap map-mbone memconfig midiplay mixerctl mkalias mkhybrid mknetid mopa.out mopchk mopd mopprobe moptrace mount mountd mrinfo mrouted mtrace mtree mv ndp netstat newfs newfs_ext2fs newfs_msdos newsyslog nfsd nfsstat npppctl npppd nsd nsd-checkconf nsd-checkzone nsd-control ntalkd ospf6d pac passwd pcidump pppstats procmap pstat quot quota quotacheck quotaoff quotaon radioctl rbootd rdist rdistd rdump repquota restore revnetgroup ripd rpc.bootparamd rpc.lockd rpc.rquotad rpc.rstatd rpc.rusersd rpc.rwalld rpc.statd rpc.yppasswdd rpcinfo rrestore rup rusers rwall sa sasyncd scsi sensorsd sftp-server showmount skeyinit sndiod snmpd spamd spamd-setup spamlogd sqlite3 ssh ssh-add ssh-agent ssh-keygen ssh-keyscan ssh-keysign ssh-pkcs11-helper stdethers stdhosts swapctl swapon sysctl systat table-ldap table-passwd table-sqlite talk trpt unbound unbound-anchor unbound-checkconf unbound-control unbound-host usbdevs usbhidaction usbhidctl vacation vmstat vnconfig watchdogd wsconscfg wsconsctl wsfontload wsmoused ypbind ypmatch
yppoll yppush ypserv ypset yptest ypwhich ypxfr

I'm not listing the ones we won't pledge because they are too simple (like true, hostname..) or can't pledge (because their last operation is a crazy system call like "reboot" or "mount"), or uhm, perl itself.

66% pledged...

More fine-grained syscall restriction in the base system is great news.

Not mentioned in this mail is the fact that some ports have even been patched too. The often-called-on-random-files decompression tools unzip, bzip2 and xz have been pledged to greatly reduce the possible damage they can do. Portions of the Xenocara base (cwm, xterm, some others) have also received the same treatment. It's a long process, but the end result should be pretty spectacular.
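
The pattern that makes pledging a tool run on arbitrary files worthwhile, as an added example (this is not the actual unzip, bzip2 or xz port patch, nor code from the mail): open the named files first, then narrow the promises to "stdio" before parsing untrusted bytes. The function `rle_expand` and its toy run-length format are hypothetical, and the no-op `pledge` stub is an assumption so the sketch also builds off OpenBSD, where it gives no protection.

```c
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: no-op stand-in so the sketch compiles on other systems. */
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
#endif

/* Hypothetical stand-in for a decompressor: expands <count><byte> pairs.
 * Returns the number of bytes written, or -1 on error. */
long rle_expand(const char *inpath, const char *outpath)
{
	FILE *in, *out;
	long total = 0;
	int n, c;

	/* Phase 1: path access is still needed to open the named files. */
	if (pledge("stdio rpath wpath cpath", NULL) == -1)
		return -1;
	if ((in = fopen(inpath, "rb")) == NULL)
		return -1;
	if ((out = fopen(outpath, "wb")) == NULL) {
		fclose(in);
		return -1;
	}

	/* Phase 2: both descriptors are open, so drop to "stdio" before
	 * touching file contents. A parser bug can no longer open other
	 * files, create sockets or exec; the kernel kills the process. */
	if (pledge("stdio", NULL) == -1) {
		fclose(in); fclose(out);
		return -1;
	}
	while ((n = fgetc(in)) != EOF && (c = fgetc(in)) != EOF) {
		for (; n > 0; n--, total++)
			if (fputc(c, out) == EOF) { total = -1; goto done; }
	}
done:
	fclose(in);
	if (fclose(out) == EOF)
		total = -1;
	return total;
}
```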