Dante Catalfamo wrote:
> Hello friends,
>
> I just published a blog post about the BSD Authentication framework
> and I'm very excited to share it with you!
>
> I'm not an OpenBSD developer but I tried my best to understand the
> system and how it works. Please let me know if I got anything wrong.
>
> https://blog.lambda.cx/posts/how-bsd-authentication-works/
I think many people don't understand what BSD auth is:
It is an additional layer of privsep.
And whenever we have code that does privsep, we have an additional
opportunity to apply pledge/unveil to that process context.