On 2018/06/15 10:19, Base Pr1me wrote:
> Thanks for the input, Stewart.
> 
> I have knocked around the idea of chroot'ing in the future. It is at least
> currently pledged. ... well, according to my current understanding of the
> pledge system.

It is pledged, but for the process which has access to internet
and rw access to the filesystem ("stdio tty rpath wpath inet proc")
pledge doesn't add a lot of safety; even without chroot things would
be a lot better if it dropped to an unprivileged uid.
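
The privilege drop suggested in the message above, as an added example that is not part of the thread or of the program under discussion. The uid/gid value 65534 and the function names are assumptions for illustration, and the pledge call reuses the promise string quoted in the message.

```c
#define _DEFAULT_SOURCE   /* for setgroups() on glibc; harmless on OpenBSD */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Assumed unprivileged account for illustration; a real daemon would
 * look up its own dedicated user (e.g. with getpwnam) instead. */
#define UNPRIV_UID 65534
#define UNPRIV_GID 65534

/* Permanently drop root. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return -1;                  /* not started as root: nothing to drop */
    if (setgroups(1, &gid) == -1)   /* clear supplementary groups first */
        return -1;
    if (setgid(gid) == -1)          /* group before user, while still root */
        return -1;
    if (setuid(uid) == -1)          /* as root: sets real, effective and saved uid */
        return -1;
    if (setuid(0) != -1)            /* regaining root must fail */
        return -1;
    return 0;
}

/* Apply the promise set quoted in the message; no-op off OpenBSD. */
int restrict_syscalls(void)
{
#ifdef __OpenBSD__
    return pledge("stdio tty rpath wpath inet proc", NULL);
#else
    return 0;
#endif
}

int main(void)
{
    if (drop_privileges(UNPRIV_UID, UNPRIV_GID) == -1) {
        fprintf(stderr, "could not drop root privileges\n");
        return 1;
    }
    if (restrict_syscalls() == -1) {
        perror("pledge");
        return 1;
    }
    /* From here rpath/wpath/inet are bounded by what UNPRIV_UID may touch. */
    return 0;
}
```

With the uid dropped first, the same promise set only reaches files and sockets that the unprivileged account is allowed to use.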
