On 2019/01/21 22:34, Theo de Raadt wrote:
> This approach seems backwards.
>
> It is hiding sensors from programs which are pledged (ie. we put effort into
> security, therefore a fig leaf for privacy)
>
> But.. in programs we cannot pledge, we continue exporting.
>
> Yes chrome is pledged so pe
This approach seems backwards.
It is hiding sensors from programs which are pledged (ie. we put effort into
security, therefore a fig leaf for privacy)
But.. in programs we cannot pledge, we continue exporting.
Yes chrome is pledged so permanently has no access to the information.
I am not lovi
Wouldn't this break sensorsd? (It's already been converted to use pledge.)
C.
On Mon, 21 Jan 2019 at 20:19, Ted Unangst wrote:
>
> We recently had a thread about adding more sensors, but then the browser will
> use them to spy on us, and everybody was sad. We allow hw.sensors even for
> pledge
We recently had a thread about adding more sensors, but then the browser will
use them to spy on us, and everybody was sad. We allow hw.sensors even for
pledge processes because ntpd needs to read the time. However, ntpd only needs
to read the time.
This diff zeroes out sensors other than timedelt
