whistlez...@riseup.net wrote:
> On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:
> > Kevin Chadwick wrote:
> >
> > > I am considering replacing all chroot use with unveil in my processes
> > > even where
> > > no filesystem access is required.
> >
> > I am discouraging this.
> >
On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:
> Kevin Chadwick wrote:
>
> > I am considering replacing all chroot use with unveil in my processes even
> > where
> > no filesystem access is required.
>
> I am discouraging this.
>
> unveil is a complicated mechanism, and we may
>
>> I am considering replacing all chroot use with unveil in my processes even
>> where
>> no filesystem access is required.
>
> I am discouraging this.
>
> unveil is a complicated mechanism, and we may still discover a bug in
> it.
>
> Almost all the chroot in the tree are to empty unwriteab
Kevin Chadwick wrote:
> I am considering replacing all chroot use with unveil in my processes even
> where
> no filesystem access is required.
I am discouraging this.
unveil is a complicated mechanism, and we may still discover a bug in
it.
Almost all the chroot in the tree are to empty unwri
4 matches
Mail list logo
