by hobarrera 3984 days ago
https://marc.info/?l=openbsd-tech&m=143725996614627&w=2
1 comments

As noted below, Theo seems to be cautiously boarding the capabilities train with tame. That said, there appear to be some rather large issues with the implementation as it stands.
tame(2) seems really ad-hoc. Also, isn't the path checking, like

  strncmp(path, "/tmp/", 5) == 0) {
trivially bypassable with something like /tmp/../usr/bin?
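
The concern raised in the comment above, as an added example (not code from the post, the linked patch, or OpenBSD): a raw prefix comparison next to one that lexically normalizes the path first. The names `naive_in_tmp`, `normalize_abs` and `strict_in_tmp` are hypothetical, the sample paths are constructed, and the normalization is purely lexical, so symlinks are not resolved.

```c
#include <stdio.h>
#include <string.h>
/* Prefix test in the form quoted in the comment above. */
static int naive_in_tmp(const char *path)
{
    return strncmp(path, "/tmp/", 5) == 0;
}
/* Hypothetical helper: lexically collapse "//", "." and ".." in an absolute
 * path. Symlinks are not resolved. Returns 0 on success, -1 on error. */
static int normalize_abs(const char *path, char *out, size_t outsz)
{
    size_t len = 0;
    if (path[0] != '/' || outsz < 2)
        return -1;
    while (*path != '\0') {
        while (*path == '/')
            path++;
        size_t n = strcspn(path, "/");
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            while (len > 0 && out[--len] != '/')
                ;   /* drop the last component; stays at root if none */
        } else if (n > 0 && !(n == 1 && path[0] == '.')) {
            if (len + 1 + n >= outsz)
                return -1;  /* would not fit with the terminator */
            out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
        }
        path += n;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}
/* Hypothetical hardened check: normalize first, then compare the prefix. */
static int strict_in_tmp(const char *path)
{
    char norm[1024];
    return normalize_abs(path, norm, sizeof(norm)) == 0 &&
        strncmp(norm, "/tmp/", 5) == 0;
}
int main(void)
{
    const char *p[] = { "/tmp/scratch", "/tmp/../usr/bin" }; /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("%s naive=%d strict=%d\n", p[i], naive_in_tmp(p[i]), strict_in_tmp(p[i]));
    return 0;
}
```

The naive check accepts both sample paths, while the normalized check accepts only the first; a check that must also account for symlinks has to be made on the resolved path rather than on the string.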