Chaz Kettleson <chaz@pyr3x.com> wrote:
> My general thought here was since I only needed wpath/cpath for pid/log
> files, and I was not going to patch for syslog (still need to write pid
> anyway), I would at least unveil for only those files. The idea of
> unveil("/", "") just seemed like a sane default from other domains where
> a "block all, explicitly allow" makes sense.
It is not sane. But also, it is not idiomatic. You can't find this in
any other code. You made it up, it's an assumption that "everything
possible should be used, it is all free". Try to explain what this does
and why it is needed and why no one else uses it? You won't find a reason.