Gratitude. In the todo queue. On Fri, Jun 15, 2018 at 10:31 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2018/06/15 10:19, Base Pr1me wrote: > > Thanks for the input, Stewart. > > > > I have knocked around the idea of chroot'ing in the future. It is at > least > > currently pledged. ... well, according to my current understanding of the > > pledge system. > > It is pledged, but for the process which has access to internet > and rw access to the filesystem ("stdio tty rpath wpath inet proc") > pledge doesn't add a lot of safety even without chroot things would > be a lot better if it dropped to an unprivileged uid. > >