June 15, 2021 7:32 PM, "Claudio Jeker" <[email protected]> wrote:

>> [...] It's on the official domain, so I've assumed that it was a
>> trustworthy source - I guess not? Did a hacker put it there?
>
> You are just trolling around.

Sorry, I was just a bit salty because of that "paper" about sandboxes. The main point of my original post was to:

1. show the issue (and find out if it's even an issue)
2. find out why it's that way - since OpenBSD is a security-oriented OS, I've wrongly assumed that there would be some documents explaining every decision. I've been very interested in stuff related to OS security, so I thought that it would be pretty interesting.

However, the first email I opened contained two links - one to a paywalled document, the second to that kids' sandbox bullshit. Then I read Theo's insightful point about sandboxes being for kids. Go figure.

> Sorry but a presentation of a brand new feature is not documentation.
> It shows the state in 2018 and since then a lot has changed. That
> presentation is actually very clear that some ideas are dreams and that
> stuff will change.

A presentation is going to have a bigger effect on people than docs. That's the point of it. And since it branded unveil as a security feature, I took it as such.

> The main goal was to build something that works for a few important
> applications but it is not a universal tool because it would be so complex
> that neither "mere mortals" nor OpenBSD developers would be able to use
> it.

It already is complex enough for that. Have you seen that commit I linked? An OpenBSD developer has misused it, which shows that (as we both agree) it should have better documentation. Again, if an OpenBSD dev has made that mistake, developers from the outside will probably make it too.

> We don't write long design documents that then fail to be implemented. It
> took multiple tries to get unveil() off the ground. realpath(3) is a good
> example that took many tries to figure out. During this time it was also
> realized that keeping unveil over exec is kind of impossible without
> weakening unveil(). You can't restrict access and still allow every program
> to run.

Thanks a lot for explaining this! I wasn't necessarily looking for "long design documents"; I would've been fine with just reading some old commit messages, but it seems like all the unveil commits got squashed together*.

*Granted, I was using the git mirror; it's possible that I've missed some CVS quirk which would allow me to view those.
