More detail on isolation comment

author: Dante Catalfamo 2020-06-28 18:56:45 -0400
committer: Dante Catalfamo 2020-06-28 18:56:45 -0400
commit: b167b6aa86b9b621b407439c76fdaf363662a265 (patch)
tree: aeb1aba8135863c8a4a2b8c3886eb7d73265964e /content/posts
parent: 4bd38421124c357084bd24f91466708ffe8e75a0 (diff)
download: blog-b167b6aa86b9b621b407439c76fdaf363662a265.tar.gz
blog-b167b6aa86b9b621b407439c76fdaf363662a265.tar.bz2
blog-b167b6aa86b9b621b407439c76fdaf363662a265.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index 616c596..f79841b 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -26,8 +26,9 @@ later donated the system. It was adopted by OpenBSD in release
 2.9. BSD Auth is comparatively much simpler than PAM. Modules or,
 authentication "styles", are instead stand alone applications or
 scripts that communicate over IPC (=PF_LOCAL, SOCK_STREAM=, more
-specifically). The program or script can then very easily isolate
-itself using something like =pledge(3)= or =unveil(3)=.
+specifically). The program or script has no ability to interfere with
+the parent and can very easily isolate itself using =pledge(3)= or
+=unveil(3)=.
 
 
 This one is pretty difficult, since there seems to be very little
author	Dante Catalfamo	2020-06-28 18:56:45 -0400
committer	Dante Catalfamo	2020-06-28 18:56:45 -0400
commit	b167b6aa86b9b621b407439c76fdaf363662a265 (patch)
tree	aeb1aba8135863c8a4a2b8c3886eb7d73265964e /content/posts
parent	4bd38421124c357084bd24f91466708ffe8e75a0 (diff)
download	blog-b167b6aa86b9b621b407439c76fdaf363662a265.tar.gz blog-b167b6aa86b9b621b407439c76fdaf363662a265.tar.bz2 blog-b167b6aa86b9b621b407439c76fdaf363662a265.zip