> By "does not move us any closer" I don't believe he wants us to do it at all.
Then take a look at ยง 5.1 of the paper which gives a clearer example with which to draw the distinction.
Eliminating trusted code is what you're doing by decorating uncompress with pledge() with any capability to acquire resources; anything beyond stdio (or seccomp)
Minimizing privilege means focusing on finding some other argument for pledge().
Then take a look at ยง 5.1 of the paper which gives a clearer example with which to draw the distinction.
Eliminating trusted code is what you're doing by decorating uncompress with pledge() with any capability to acquire resources; anything beyond stdio (or seccomp)
Minimizing privilege means focusing on finding some other argument for pledge().