Conversation
Was 4 spaces instead of a tab, oops...
What sort of system calls does this disallow and how are you sure that micro doesn't violate the pledges? Sorry I'm just worried that this could cause a crash because micro pledges the wrong set of system calls.
I like the idea here. FWIW, if you're considering adding something like this, you might want to abstract it a bit or something to add multi-platform capability because stuff like seccomp on Linux might be interesting. But then you kind of have to start thinking about "what should be the threat model for a text editor?" and I don't know. You might also want to make the call list flexible depending on what someone is doing with their plugins, but then at that point a question is how do you secure the configuration? And if you allow exec, can't someone just run an executable that has fewer restrictions? Disclaimer: I am an armchair security engineer.
pledge(2) restricts which system calls can be called, terminating the process on a violation. Probably not very essential for micro, but nice to have.