
A LOT of those innovations were first present in grsecurity/PaX. Back when it was freely available to everyone as well. I guess the argument is that OpenBSD has them by default without needing a 3rd-party patch, that's why they're claiming them as their innovations?



Yup! The idea behind Pledge/Unveil was first in Landlock also.

> that's why they're claiming them as their innovations?

I think they are just listing their specific implementations as innovations, their particular approach. Too many of what they list was definitely not an original idea, so they can't possibly be suggesting otherwise. At least, I would hope not.


> The idea behind Pledge/Unveil was first in Landlock also.

This is so plainly, and verifiably untrue, that it's almost funny. The patch series and kernel commit adding Landlock to the Linux kernel even reference OpenBSD pledge(2)/unveil(2) as a source of inspiration.

https://github.com/torvalds/linux/commit/17ae69aba89dbfa2139...

https://lore.kernel.org/linux-security-module/20210422154123...


> This is so plainly, and verifiably untrue, that it's almost funny.

I just found that email and the talk for the project myself and noted the author referenced pledge in another comment, but thought that could be due to the earlier OpenBSD release having gotten press, making it useful as a point of comparison.

I had honestly thought the Landlock website or an earlier talk had pre-dated the release of OpenBSD 5.9, but I appear to have been wrong about that.


> Yup! The idea behind Pledge/Unveil was first in Landlock also.

Landlock was released in Linux 5.13, in 2021. Pledge was released in OpenBSD 5.9, in 2016. As far as I'm aware, Pledge is the first of its kind.


Linux 5.13 was the first kernel release with Landlock incorporated, but the Landlock project is from 2016 also.

I found the announcement email for Landlock posted to the LKML [1] where the author compares the project to Pledge. There's also his talk [2] from 2016 if you're interested. I was certain Landlock predated pledge, as I thought the website or earliest talk was from late 2015, but I am less certain now; indeed, I seem to have been wrong in my claim.

As for either being the first, at the very least Seatbelt from Apple has a paper dated 2011 [3] and was released with macOS 10.5.

[1] https://lwn.net/Articles/700607/

[2] https://archives.kernel-recipes.org/document/landlock-lsm-un...

[3] https://www.ise.io/wp-content/uploads/2017/07/apple-sandbox....


OpenBSD's pledge(2) was first talked about publicly as tame(2), and was presented at FSec 2015; it was renamed pledge(2), as mentioned on the OpenBSD 5.9 page.

https://www.openbsd.org/papers/tame-fsec2015/

https://man.openbsd.org/OpenBSD-5.8/tame

https://www.openbsd.org/59.html


I thought I had remembered something from Landlock from 2015 also, but can't find anything supporting that. The first version referenced is v7 or v0.7, so it's possible there was a talk for v0.1 or something that isn't online anywhere.

I'll concede that's less likely and I'm probably just wrong and misremembering though.



