Jonathan Schleifer <[email protected]> wrote:

> Am 02.03.26 um 12:01 schrieb Stuart Henderson:
> 
> > committed.
> 
> Thanks!
> 
> > btw, "tmppath" pledge will be removed from -current and the recent
> > -stable releases very soon, it would be good if you could remove support
> 
> Luckily, the sandbox class is private since it is way too tied to 
> OpenBSD, so nothing else is using it. And tmppath in particular is not 
> used at all, meaning this is never constructed in the string passed to 
> pledge.
> 
> It's a longstanding to-do to come up with an OS-agnostic sandboxing API, 
> but it's hard to make something that fits every OS.

But will it stop Tonka trucks from leaving the sand and getting onto the lawn?

The only way to do what you are talking about here is to dumb it down to
the least capable subsystem.  But that will make it much, much, much
less ineffective than a pristine solution.  At that point the word
'sandboxing' becomes approximately as valuable as it has been for a
while.  The bar should be high, but it is low.  But the word sandboxing is
always satisfied by performing the minimum.  "Oh we sandboxed it".  The
problem is the community understanding that a minimum sandbox is still
considered a sandbox.