joshua stein <j...@openbsd.org> wrote:

Thanks for moving back to a secure approach.

> I tried the $TMPDIR shenanigans with the main process mkdtemp'ing
> somewhere in $TMPDIR (or /tmp), and then exporting TMPDIR as that
> directory so that everything else within Firefox uses that
> subdirectory as its temp directory, allowing /tmp to be removed from
> the unveil lists and only that subdirectory visible. Unfortunately
> the first thing to break was our own shm_open() which hard-codes
> /tmp and doesn't honor $TMPDIR. So that all was ripped out and
> we're back to full access to /tmp.

jcs and I have started talking to tedu about this, as the existing shm_open() is his design, a design which is now uncomfortable for unveil/pledge.
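
The private-TMPDIR approach described in the quoted text, as an added sketch that is not part of the thread and is not Firefox or OpenBSD code. The helper name `private_tmpdir`, the `sandbox.XXXXXXXXXX` template and the `"rwc"` unveil permissions are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: make a private directory under $TMPDIR (or /tmp),
 * export it as TMPDIR for this process and its children, and on OpenBSD
 * unveil only that directory. Returns 0 and fills out, or -1 on failure. */
int private_tmpdir(char *out, size_t outlen)
{
    const char *base = getenv("TMPDIR");
    char path[PATH_MAX];
    struct stat st;
    int n;

    if (base == NULL || base[0] != '/')
        base = "/tmp";
    n = snprintf(path, sizeof(path), "%s/sandbox.XXXXXXXXXX", base);
    if (n < 0 || (size_t)n >= sizeof(path) || (size_t)n >= outlen)
        return -1;
    if (mkdtemp(path) == NULL)      /* created atomically with mode 0700 */
        return -1;
    /* Confirm we own it and nobody else has access before relying on it. */
    if (lstat(path, &st) == -1 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0 ||
        setenv("TMPDIR", path, 1) == -1) {
        rmdir(path);
        return -1;
    }
#ifdef __OpenBSD__
    /* /tmp itself is not unveiled. Per the thread, shm_open() hard-codes
     * /tmp and ignores TMPDIR, so it is not redirected by this. */
    if (unveil(path, "rwc") == -1)
        return -1;
#endif
    memcpy(out, path, (size_t)n + 1);
    return 0;
}

int main(void)
{
    char dir[PATH_MAX];
    if (private_tmpdir(dir, sizeof(dir)) == -1)
        return 1;
    printf("TMPDIR=%s\n", dir);
    return 0;
}
```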