[2022] Taming the fox - Landry Breuil

In addition to all its security features/techniques used in the base system (listed at https://www.openbsd.org/innovations.html ), OpenBSD provides its own 'sandboxing' mechanisms through pledgde() (a process pledges it only needs a subset of syscalls) and unveil() (a process declares it only needs to access a specific list of directories/files, with specific modes) While those APIs are simple to use in the OpenBSD base system where all code is layed out/managed according to the coding style of the project, we'll see how they can be used in the context of a multi-process monster with more lines of code than a full fledged operating system: Firefox. Firefox supports sandboxing on its mainstream platforms since a while, and with the Electrolysis and Fission projects, the browser has been moving to a many-processes architecture, while still dealing with a large codebase that is constantly evolving. We'll see that integrating pledge()/unveil() in this architecture has not been a matter o