> There is only one thing I want to clarify: > > > Oddly, base has a few programs which can spawn! But not access network. > > And the result is sane, unlike lynx. > > Theo, you mean that network access and exec should never happen in the > same process or in the same application?
The safety model of pledge only comes from taking as much as possible away from the program. The diff I saw for lynx leaves a lot still enabled.
