This NYCBSDCon 2008 presentation might be of interest to those who want to learn more about PIE.
From what I can see, ngnix is now the web server of default with this release. I know with OpenBSD’s apache before it was a fully chrooted instance — is this the case now? (sorry, haven’t had time to plan with -current)
Yes, as mentioned by qbit, it does chroot. Here’s an excerpt from nginx’s OpenBSD man page:
-u By default nginx will chroot(2) to the home directory of the user
running the daemon, typically ``www'', or to the home directory
of user in nginx.conf. The -u option disables this behaviour,
and returns nginx to the original "unsecure" behaviour.
It does chroot ( by default the /var/www – the home of the www user )
There isn’t really a default since neither is enabled by default, but both are available in base now (Apache using /etc/rc.d/httpd, nginx using /etc/rc.d/nginx).