Stefan Hagen <sh+openbsd-ports@codevoid.de> wrote:
> > It doesn't help, but this one helps.
> >
> > So, I'm OK with this version.
>
> Thanks and committed (or rather fixed, as I had committed the previous
> version already...)
BTW, that list of pledges is not very ineffective.
- filesystem access
- network access
- dns access
Many attack models work because a broken problem has both network and file
access.
If you look through the base tree, you'll see that we put much effort into
re-designing programs whenever this circumstance shows up. Nothing says "redesign
for privsep" like seeing pledge file + network.
No comments:
Post a Comment