Contributed by rueda on from the the joy of pledge(2) dept.
Kristaps Dzonsons, of mandoc
and acme-client (and more) fame, has written a detailed article entitled "why pledge(2) …or, how I learned to love web application sandboxing".
The tl;dr section starts:
For practical web applications, pledge(2) presents the best compromise of development simplicity and security coverage. This alone gives BCHS applications even more of a boost beyond the many other advantages of programming on OpenBSD.
The article discusses the advantages of pledge(2)
over other sandboxing systems.
(Comments are closed)
By bmarshall (50.69.74.186) on
https://news.ycombinator.com/item?id=13037442