On Thu, Nov 15, 2012 at 11:03:15AM -0500, Thor Lancelot Simon wrote: > This strikes me as profoundly dangerous. Among other things, it > means you can't allow any program running in a chroot to receive > unix-domain messages any more since they might get passed a file > descriptor to code they should not be able to execute.
We can restrict it to VREG vnodes. -- Emmanuel Dreyfus m...@netbsd.org
