OpenBSD Pledge unveiled: with a demo C programming walkthrough

Let's take a deep dive into another awesome #OpenBSD security feature: Pledge! It's all about putting restrictions on syscalls, and we're not just going to talk theory. We'll get our hands dirty and write some #pledge C code. But wait, there's more! We'll even go a step further and combine Pledge with #Unveil in a single program.

References:

• https://man.openbsd.org/pledge.2
• https://man.openbsd.org/unveil.2
• https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf
• https://awesomekling.github.io/pledge-and-unveil-in-SerenityOS/
• https://www.youtube.com/watch?v=F_7S1eqKsFk
• https://www.youtube.com/watch?v=-a5hLBuW6tY

00:00 Introduction 01:29 What's pledge (pledge in theory) 06:37 Adding pledge to a C program (pledge in practice) 11:35 Applying pledge to exec syscall (execpromises) 20:53 Demonstrating the use of both pledge and unveil together 29:00 References for further study ... https://www.youtube.com/watch?v=ao0HbnpKgjs