
Adds OpenBSD's pledge() #5560

Closed

Conversation

chris-huxtable
Contributor

Adds OpenBSD's pledge function.

"The current process is forced into a restricted-service operating mode. A few subsets are available, roughly described as computation, memory management, read-write operations on file descriptors, opening of files, networking. In general, these modes were selected by studying the operation of many programs using libc and other such interfaces, and setting promises or execpromises."

@chris-huxtable chris-huxtable changed the title Adds pledge() Adds OpenBSD's pledge() Jan 9, 2018
@ysbaddaden
Contributor

Provided LibC bindings are minimal to satisfy the core and stdlib. pledge is OpenBSD specific, and we don't have any use for it, at least for the time being. Please define specific bindings in projects that need it only.

@ysbaddaden ysbaddaden closed this Jan 9, 2018
@chris-huxtable
Contributor Author

Pledge is one of the core offerings of OpenBSD. Everything in base has been pledged right down to tools like less, ls, and cd. It is as integral as arc4random which has been included. It has been manually included in ports of ruby for OpenBSD (patched in the build system). If you are coding something which you expect to be secure it should be used, just like chroot, and privilege separation.

@asterite
Member

asterite commented Jan 9, 2018

@chris-huxtable The standard library can't provide functionality that works in some platforms but not others. Plus, this is just adding a C binding, and we don't document this.

I suggest defining and wrapping this function in a shard and providing it there, explicitly stating that it only works on OpenBSD.

@RX14
Contributor

RX14 commented Jan 9, 2018

@chris-huxtable LibC isn't meant to be used. It's an internal implementation detail for the standard library only.

We might think about this if there was a Process.pledge which worked on openbsd but raised NotImplementedError on every other platform, however this PR doesn't add that.

Even then, I'd much rather have something cross-platform, and every unix does this kind of syscall firewall differently, so that's not really feasible.
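The `Process.pledge` shape RX14 describes above, written out as an added example. This is not code from the PR, from the openbsd.cr or pledge.cr shards, or from Crystal's stdlib; it assumes a Crystal 1.x stdlib (`RuntimeError.from_errno`, `NotImplementedError`, the `openbsd` compile-time flag) and that `LibC` does not already bind `pledge`. The file path in the usage is arbitrary.

```crystal
# Added example (not the PR's or Crystal's own code): a Process.pledge that
# works on OpenBSD and raises NotImplementedError on every other platform.

{% if flag?(:openbsd) %}
  lib LibC
    # int pledge(const char *promises, const char *execpromises);
    # NULL for either argument leaves that promise set unchanged.
    fun pledge(promises : UInt8*, execpromises : UInt8*) : Int
  end
{% end %}

class Process
  # Restricts the calling process to the named promise sets ("stdio rpath",
  # "stdio", ...). After the first call the sets can only be narrowed: on
  # OpenBSD a failed call raises with the errno (EINVAL for an unknown promise,
  # EPERM when trying to widen). Elsewhere this raises NotImplementedError so
  # the caller decides whether running unrestricted is acceptable.
  def self.pledge(promises : String?, execpromises : String? = nil) : Nil
    {% if flag?(:openbsd) %}
      prom_ptr = promises ? promises.to_unsafe : Pointer(UInt8).null
      exec_ptr = execpromises ? execpromises.to_unsafe : Pointer(UInt8).null
      raise RuntimeError.from_errno("pledge") if LibC.pledge(prom_ptr, exec_ptr) != 0
    {% else %}
      raise NotImplementedError.new("Process.pledge is only available on OpenBSD")
    {% end %}
  end
end

# Usage in the usual two-step pattern: ask for what start-up needs, then
# tighten once that work is done. The path is an arbitrary readable file.
path = ARGV[0]? || "/etc/motd"
begin
  Process.pledge("stdio rpath")       # reading files is still allowed here
  banner = File.read(path)
  Process.pledge("stdio")             # from now on any open(2) is fatal
  STDOUT.puts banner
rescue NotImplementedError
  STDERR.puts "pledge unavailable on this platform; running unrestricted"
  STDOUT.puts File.read(path)
end
```

On OpenBSD a violated promise does not return an error: the kernel kills the process with an uncatchable SIGABRT, so the second call is what makes a later, unexpected `open(2)` fail closed. The runtime itself (GC, event loop) also needs syscalls; the ones Crystal uses at rest fall under "stdio", but any real program should be exercised under its final promise set before shipping.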

@straight-shoota
Member

It looks like in most programming languages this is supported as an optional package: https://gist.github.com/ligurio/f6114bd1df371047dd80ea9b8a55c104

@straight-shoota
Member

Oh, not true: Go has it in core since May last year: http://undeadly.org/cgi?action=article&sid=20170323042425

@asterite
Member

asterite commented Jan 9, 2018

@straight-shoota I couldn't find that in the std, it seems to be in the golang/sys repo.

@straight-shoota
Member

You're right. Not in core. But an official package.

@chris-huxtable
Contributor Author

I have expanded on this and created a shard if anyone is interested.
https://github.com/chris-huxtable/openbsd.cr

@RX14
Contributor

RX14 commented Jan 11, 2018

@chris-huxtable that's cool, but uid/euid/username/groupname/etc really belong in the stdlib because they're cross-platform. It'd be ideal if a shard called openbsd.cr included only openbsd-specific things...

@straight-shoota
Member

Or, like Go, we could have an official sys shard which contains such low level APIs for all operating systems...

@chris-huxtable
Contributor Author

chris-huxtable commented Jan 11, 2018

If it's valuable I can make a pull request which only contains privilege dropping and chroot, while making a shard which just contains pledge. Thoughts?

@RX14
Contributor

RX14 commented Jan 11, 2018

Thinking about it more, it's probably best to look at what Go's done here in os/user.

That is: record Group, id : String, name : String, and record User, id : String, primary_group : Group, username : String, display_name : String, home_dir : String.

Not sure about chroot but my gut feeling is we should just add it.

@chris-huxtable
Contributor Author

I have put together a pull request which would add chroot to Process.

I have also previously built classes for both system users and groups. I would be willing to open source those components. I think it makes the most sense to build them right into the standard library, as setuid/setgid are fundamental process control functions which are baked into all Unix-based OSes.

@RX14
Contributor

RX14 commented Jan 12, 2018

Yeah, I agree on having setuid, setgid in the stdlib, but I think introducing User and Group objects would be great. Then perhaps Process.become(User) and Process.become(Group) would be ideal APIs?
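The privilege-dropping API sketched in this exchange (chroot plus setuid/setgid, and a `Process.become`), written out as an added example that is not code from the PR or from Crystal's stdlib. It takes numeric ids rather than the User/Group records proposed above, declares the `LibC` funs itself on the assumption that Crystal's `LibC` does not bind them (with OpenBSD's `int` first argument for `setgroups`), assumes a Crystal 1.x stdlib for `RuntimeError.from_errno`, and uses placeholder ids and `/var/empty` in the usage.

```crystal
# Added example (not the PR's or Crystal's own code): dropping root in the
# right order and checking that the drop is permanent.
lib LibC
  fun chroot(path : UInt8*) : Int
  fun setgroups(ngroups : Int, gidset : GidT*) : Int   # int on OpenBSD
  fun setgid(gid : GidT) : Int
  fun setuid(uid : UidT) : Int
end

class Process
  # Permanently drops root to uid/gid, optionally inside a chroot.
  # The order is deliberate: chroot(2) and setgroups(2) need root, so they
  # run first; chdir after chroot, or the old cwd still points outside the
  # new root; setgid before setuid, or setgid fails with EPERM once the
  # process is no longer uid 0.
  def self.become(uid : LibC::UidT, gid : LibC::GidT, chroot_dir : String? = nil) : Nil
    raise ArgumentError.new("refusing to drop privileges to uid 0") if uid == 0

    if chroot_dir
      raise RuntimeError.from_errno("chroot") if LibC.chroot(chroot_dir) != 0
      Dir.cd("/")
    end

    # Clear supplementary groups first: the inherited list may include wheel.
    raise RuntimeError.from_errno("setgroups") if LibC.setgroups(0, Pointer(LibC::GidT).null) != 0
    raise RuntimeError.from_errno("setgid") if LibC.setgid(gid) != 0
    raise RuntimeError.from_errno("setuid") if LibC.setuid(uid) != 0

    # Verify the drop is irreversible: setuid(2) back to root must now fail.
    raise "privilege drop failed: process can still become uid 0" if LibC.setuid(0) == 0
  end
end

# Usage (must start as root): do the privileged setup first, e.g. bind a port
# below 1024 or open a log file, then drop. The ids are placeholders and
# /var/empty is the conventional empty chroot directory on OpenBSD.
Process.become(1000_u32, 1000_u32, "/var/empty")
puts "now running unprivileged inside /var/empty"
```

The final `setuid(0)` probe is the check worth keeping in any such helper: `setuid` replacing only the effective uid (as some platforms do for non-root callers) would let the process climb back to root later, and the probe turns that silent failure into an exception at the point where the drop was supposed to happen.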

@chris-huxtable
Contributor Author

I like that. I will put together a pull request.

@chris-huxtable
Contributor Author

For anyone looking for pledge. I have created a shard that adds only pledge.
https://github.com/chris-huxtable/pledge.cr

@chris-huxtable chris-huxtable deleted the openbsd-pledge branch January 19, 2018 23:05