|
|
|
|
|
|
by brynet
3715 days ago
|
|
|
The entire point of pledge is self-sandboxing, in the case of an exec promise the expectation is the new process will also self-sandbox. If you think of a shell as an example, it will need to exec programs that do privileged things before they can drop them, but the parent shell itself may never need to say.. create sockets. |
|
|