Re: chroot vs unveil

2020-02-07 Thread Theo de Raadt
whistlez...@riseup.net wrote:

> On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:
> > Kevin Chadwick wrote:
> > 
> > > I am considering replacing all chroot use with unveil in my processes even where
> > > no filesystem access is required.
> > 
> > I am discouraging this.
> > 
> > unveil is a complicated mechanism, and we may still discover a bug in
> > it.
> > 
> > Almost all the chroot in the tree are to empty unwriteable directories,
> > in which case chroot is very secure and a very simple mechanism.
> > 
> 
> you'd suggest the same for the browsers ?

they don't use chroot, and they cannot.

chroot is *only* available to root.



Re: chroot vs unveil

2020-02-07 Thread whistlez-ml
On Thu, Feb 06, 2020 at 10:35:17AM -0700, Theo de Raadt wrote:
> Kevin Chadwick wrote:
> 
> > I am considering replacing all chroot use with unveil in my processes even where
> > no filesystem access is required.
> 
> I am discouraging this.
> 
> unveil is a complicated mechanism, and we may still discover a bug in
> it.
> 
> Almost all the chroot in the tree are to empty unwriteable directories,
> in which case chroot is very secure and a very simple mechanism.
> 

you'd suggest the same for the browsers ?
thank you



Re: chroot vs unveil

2020-02-07 Thread Kevin Chadwick
> 
>> I am considering replacing all chroot use with unveil in my processes even where
>> no filesystem access is required.
> 
> I am discouraging this.
> 
> unveil is a complicated mechanism, and we may still discover a bug in
> it.
> 
> Almost all the chroot in the tree are to empty unwriteable directories,
> in which case chroot is very secure and a very simple mechanism.
> 

I shall do the same then, thank you for the guidance.



Re: chroot vs unveil

2020-02-06 Thread Theo de Raadt
Kevin Chadwick wrote:

> I am considering replacing all chroot use with unveil in my processes even where
> no filesystem access is required.

I am discouraging this.

unveil is a complicated mechanism, and we may still discover a bug in
it.

Almost all the chroot in the tree are to empty unwriteable directories,
in which case chroot is very secure and a very simple mechanism.
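
The pattern this thread discusses (chroot into an empty, unwriteable directory, which only root can do), as an added example that is not from any poster or from the OpenBSD tree: a root-started process verifies the directory, enters it, then gives up root. The function names, the policy in check_jail_dir() and the use of setgid()/setuid() are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE	/* glibc only: expose chroot() and setgroups() */
#endif
#include <sys/stat.h>
#include <dirent.h>
#include <errno.h>
#include <grp.h>
#include <string.h>
#include <unistd.h>

/* 0 if dir is empty and cannot be written by uid; -1 with errno otherwise. */
int check_jail_dir(const char *dir, uid_t uid)
{
	struct stat sb;
	struct dirent *de;
	DIR *d;
	int entries = 0;

	if (stat(dir, &sb) == -1)
		return -1;
	/* Reject a non-directory, group/other write bits, or uid as owner. */
	if (!S_ISDIR(sb.st_mode) || (sb.st_mode & 0022) || sb.st_uid == uid) {
		errno = EINVAL;
		return -1;
	}
	if ((d = opendir(dir)) == NULL)
		return -1;
	while ((de = readdir(d)) != NULL)
		if (strcmp(de->d_name, ".") && strcmp(de->d_name, ".."))
			entries++;
	closedir(d);
	if (entries != 0) {
		errno = ENOTEMPTY;
		return -1;
	}
	return 0;
}

/* chroot into dir, then drop root for good; fails with EPERM if not root. */
int confine(const char *dir, uid_t uid, gid_t gid)
{
	if (check_jail_dir(dir, uid) == -1)
		return -1;
	if (chroot(dir) == -1 || chdir("/") == -1)
		return -1;
	/* Groups, then gid, then uid: after setuid() the rest would fail. */
	if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
		return -1;
	return 0;
}
```

Because check_jail_dir() refuses a directory owned by the target uid, confine() also refuses to "drop" to the directory's owner, which for a root-owned directory means it refuses uid 0.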



chroot vs unveil

2020-02-06 Thread Kevin Chadwick
I am considering replacing all chroot use with unveil in my processes even where
no filesystem access is required. Is there any guidance on whether that is the
best practice, where you only intend to run on OpenBSD?