On Mon, Dec 21, 2015 at 03:34:43PM -0500, dan mclaughlin wrote:
> yes they are huge beasts, but they can still be forced into cages. half my
> posts seem to refer to back to this, but.. you can try:
>
> 'isolating untrusted programs in ssh chroot jails'
> https://marc.info/?l=openbsd-misc&m=142676615612510&w=2
>
> i run my browser and pdf viewers in them. i make sure too that my pdf/djvu
> viewers don't have net access either using pf. i try to leverage most of
> the mitigation facilities available in base (though so far i haven't yet
> seriously experimented with systrace).
>
> Mr. Coppa previously reported that he managed it with firefox. i mention
> the programs i could and couldn't jail in the post.

I don't understand why you switch topic from pledge() to chroots...

j.