
The thing is I find stuff like pledge and unveil to be basically toys. Pledge especially since it relies on the software author utilizing it. We've had stuff like RBAC and MAC implementations for 20 years, and RBAC doesn't have to be complicated, look at AppArmor. If the OpenBSD guys really cared about security, they would be working on something like that.

Look at their remote root ssh bug. If they were a secure OS, someone getting remote root wouldn't be such a big issue, with RBAC/MAC it's clearly not such an issue, with the default 'secure' install, it sure was. Then again, I don't think the obsd devs have a real interest in security, so much as an interest in correcting bugs, which they falsely equate to be the same thing. Pretty sure one dev had no idea what MAC/RBAC even is and was trying to claim pledge is the exact same thing, which only lessens any confidence I had in them.



The remote ssh bug? It was caused by some Linux distributions patching sshd to link to libsystemd which required liblzma which had the backdoor. It didn’t affect OpenBSD or involve upstream OpenSSH.


I mean the remote ssh bug from 2002 that caused OpenBSD to alter their tagline to "One remote hole in the default install, in nearly 6 years!". Pretty sure that affected OpenBSD.



