Skip to Content [alt-c]
In reply to Comment by Reader Richard Yao
As another commenter pointed out, Linux, as do many Unixes, has chroot(). If you're going to start a program's execution from inside a chroot, it makes sense to set up a basic directory structure. However, a very common privilege separation technique is to start execution outside the jail, open all the resources you need, and then chroot into a completely empty unwritable directory. OpenSSL has the API to make this work (as do other crypto libraries such as libsodium); LibreSSL does not.
Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
monospaced
Post a Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.