Gratitude. In the todo queue.
On Fri, Jun 15, 2018 at 10:31 AM, Stuart Henderson <s...@spacehopper.org>
wrote:
> On 2018/06/15 10:19, Base Pr1me wrote:
> > Thanks for the input, Stewart.
> >
> > I have knocked around the idea of chroot'ing in the future. It is at
> least
> > currently pledged. ... well, according to my current understanding of the
> > pledge system.
>
> It is pledged, but for the process which has access to internet
> and rw access to the filesystem ("stdio tty rpath wpath inet proc")
> pledge doesn't add a lot of safety even without chroot things would
> be a lot better if it dropped to an unprivileged uid.
>
>
