CVSROOT: /cvs
Module name: src
Changes by: flor...@cvs.openbsd.org 2019/06/16 13:49:13
Modified files:
usr.sbin/acme-client: chngproc.c extern.h fileproc.c main.c
revokeproc.c
Log message:
Trade unveil(2) for chroot(2).
This uses less code and unveil(2) seems to be the better tool here.
The directory one chroots into needs to be carefully setup (they are
not) and comon wisedom is that root can break out of chroots.
There is probably nothing wrong with the chroot code because of pledge
but it still makes me feel uneasy.
input & OK on previous version mestre
OK on previous version deraadt
bug found, input & OK benno
