Stefan Hagen <sh+openbsd-po...@codevoid.de> wrote: > > It doesn't help, but this one helps. > > > > So, I'm OK with this version. > > Thanks and committed (or rather fixed, as I had committed the previous > version already...)
BTW, that list of pledges is not very ineffective. - filesystem access - network access - dns access Many attack models work because a broken problem has both network and file access. If you look through the base tree, you'll see that we put much effort into re-designing programs whenever this circumstance shows up. Nothing says "redesign for privsep" like seeing pledge file + network.
