Support OpenBSD's pledge(2), unveil(2) in programming languages
Read more about privelege separation and pledge in Wikipedia and in talk “Privilege Separation and Pledge” by Theo de Raadt, dotSecurity 2016.
NOTE: In case your favourite language has pledge(2) or unveil(2) support and absent in a table, please drop me a line and I’ll add it to a table.
| Language | Support of unveil(2) | Support of pledge(2) | Support of privelege separation |
|---|---|---|---|
| Ada | Yes | Yes | - |
| C/C++ | unveil(2) | pledge(2) | - |
| Crystal | No | chris-huxtable/pledge.cr | - |
| Erlang | Yes | Yes | |
| Go | native support, ~qbit/protect | native support, ~qbit/protect | poolpOrg/privsep |
| Haskell | varikvalefor/plegg | varikvalefor/plegg, oherrala/hs-pledge | - |
| Korn Shell | netzbasis/openbsd-src | netzbasis/openbsd-src | - |
| Lua | n0la/lua-openbsd | n0la/lua-openbsd | - |
| Nim | euantorano/pledge.nim (v2.0.0+) | euantorano/pledge.nim | - |
| .NET (C#, F# and VB) | No | NattyNarwhal/pledge.cs | - |
| Perl | OpenBSD::Unveil, afresh1/OpenBSD-Unveil | OpenBSD::Pledge, afresh1/OpenBSD-Pledge, rfarr/Unix-Pledge | - |
| PHP | tvlooy/php-pledge (included in PHP 7.4) | tvlooy/php-pledge (included in PHP 7.4) | - |
| Python | py-openbsd | jarmani/py-openbsd-pledge, py-pledge | - |
| Rust | unveil | pledge | reyk/privsep-rs |
| Ruby | jcs/ruby-unveil | jeremyevans/ruby-pledge | - |
| Scheme | No | Yes | - |
| Javascript | openbsd-unveil | node-pledge, openbsd-pledge | - |
| Java | No | Hashwords/pledge | - |
| Zig | native support | native support | - |
BTW there are ports of pledge(2) and unveil(2) on Linux and SerenityOS.