From: "Theo de Raadt"
Subject: Re: Move the ssh-agent socket from /tmp to $HOME/.ssh/
To: Christian Weisgerber
Cc: tech@openbsd.org
Date: Tue, 29 Apr 2025 09:38:22 -0600

Are we missing a pledge behaviour that would block opening of AF_UNIX sockets? Or is gaining access to other AF_UNIX sockets the main reason why the browsers are accessing /tmp?

And of course, the problem with such a pledge is that it would affect everywhere in the filesystem. But maybe there is some restriction we can impose which blocks this.