Revision as of 17:54, 14 May 2021 edit 88.243.128.172 (talk) link to the most current manpages ← Previous edit		Revision as of 18:16, 14 May 2021 edit undo 88.243.128.172 (talk) mention unveil(2) Next edit →
Line 49: OpenBSD 5.8 introduced the <code>pledge</code> [[system call]] for restricting process capabilities to a minimal subset required for correct operation.<ref>{{cite web\|title=pledge() - a new mitigation mechanism\|url=https://www.openbsd.org/papers/hackfest2015-pledge\|website=OpenBSD\|access-date=May 19, 2018}}</ref> If the process is compromised and attempts to perform an unintended behavior, it will be terminated by the kernel. Since its introduction, applications and ports have been changed to support <code>pledge</code>, including the [[Chromium (web browser)\|Chromium]] [[web browser]]. OpenBSD 6.4 introduced the <code>unveil</code> [[system call]] for restricting [[filesystem]] visibility to a minimum level.<ref>{{cite web\|title=unveil — unveil parts of a restricted filesystem view\|url=https://man.openbsd.org/unveil\|website=OpenBSD manual pages\|access-date=2020-05-15}}</ref> == References == {{reflist \| 30em \| refs =

OpenBSD security features: Difference between revisions