Skip to Content [alt-c]
In reply to Comment by Reader Richard Yao
As another commenter pointed out, Linux, as do many Unixes, has chroot(). If you're going to start a program's execution from inside a chroot, it makes sense to set up a basic directory structure. However, a very common privilege separation technique is to start execution outside the jail, open all the resources you need, and then chroot into a completely empty unwritable directory. OpenSSL has the API to make this work (as do other crypto libraries such as libsodium); LibreSSL does not.
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.