Move the ssh-agent socket from /tmp to $HOME/.ssh/
Jesper Wallin <jesper@ifconfig.se> wrote:

> On Tue, Apr 29, 2025 at 07:48:35AM -0600, Theo de Raadt wrote:
> > ~/ can be on NFS, whereas /tmp is guaranteed to be local.
> >
> > Your proposal has some pretty big consequences.
>
> Oh, good point. Yeah, that complicates things.
>
> > As for your problem with /tmp versus in a sub-directory of home, I
> > don't see how this is actually solving it.
> >
> > Unveil does not solve the problem if non-unveiled programs accessing
> > files. It only prevents unveiled programs from accessing such files,
> > obviously.
>
> Hehe, obviously.
>
> The scenario I had in mind was Firefox, where each process is unveiled
> to only have access to the file and directories it needs access to.
> Though, every single process of Firefox has 'rwc' access to /tmp.
>
> So if Firefox got compromised, it can still access my ssh-agent socket
> that lives in /tmp. Though, Firefox does not have access to ~/.ssh.

And what does firefox do then?