Contributed by rueda on from the the joy of pledge(2) dept.
Kristaps Dzonsons, of
mandoc and acme-client (and more) fame, has written a detailed article entitled "why pledge(2) …or, how I learned to love web application sandboxing".
The tl;dr section starts:
For practical web applications, pledge(2) presents the best compromise of development simplicity and security coverage. This alone gives BCHS applications even more of a boost beyond the many other advantages of programming on OpenBSD.
The article discusses the advantages of
pledge(2) over other sandboxing systems.
(Comments are closed)