A Measurement Study on the Adoption of Pledges and Unveils in the OpenBSD Operating System
Summary
This article provides an empirical study of how OpenBSD adopts pledge and unveil security primitives to restrict system calls and file access. It analyzes adoption across the codebase, discusses security benefits, and notes challenges in retrofitting legacy code, offering practical guidance for implementing capability-based restrictions in OS design.