Landry Breuil <landry@openbsd.org> wrote:
> On Tue, Dec 10, 2019 at 10:18:37AM -0700, Theo de Raadt wrote:
> > Landry Breuil <landry@openbsd.org> wrote:
> >
> > > Well, I managed to have a 'video' pledge class, so you can probably get
> > > an 'uhidioctl' class :)
> >
> > I still feel the addition of 'video' pledge was an abuse of the concept.
> >
> > firefox has done a pretty weak version of privsep that requires a
> > 'master process' to have nearly all the pledges. The pledge options are
> > designed to encourage best-practice privsep, but firefox wants to
> > operate a master process with such a vast subset of full-posix, it is as
> > if it doesn't use pledge at all.
> >
> > It is similar with unveil, with this new diff. That process wants to
> > use a library which accesses many tens of files. This new subsystem
> > hasn't been separated out into a process with a specific purpose.
>
> I've been told they welcome new contributors sending patches :)

My contribution would be to delete it.