[Semibug] Will OpenBSD's Pledge and Unveil stop this?

Josh Grosse josh at jggimi.net
Thu Mar 2 12:07:07 EST 2023

On Thu, Mar 02, 2023 at 09:43:36AM -0700, Jonathan Drews wrote:
> Guys and gals:  
>  I read this:
> It's official: BlackLotus malware can bypass Secure Boot on Windows machines
> https://www.theregister.com/2023/03/01/blacklotus_malware_eset/
> Will Pledge and Unveil prevent tsomething like this from invading my OpenBSD laptop?

I don't think so, it's a different attack vector.  Please also note that
this is an attack against Secure Boot, which isn't used by OpenBSD.

The pledge(2) and unveil(2) syscalls are designed for use by the
application developer to intentionally restrict her application
to a subset of syscalls or a subset of filesystems.  Useful primarily
for ensuring the application behaves as the developer intended.

With pledge() the application aborts if an unauthorized syscall is 
made, and with unveil() the application fails to open, read, or write
to unauthorized files or directories.

More information about the Semibug mailing list