1. 1
    lteo avatar lteo 5 years ago | link | on: Various OpenBSD architectures switched to PIE by default

    This NYCBSDCon 2008 presentation might be of interest to those who want to learn more about PIE.

    1. 1
      rgregory avatar rgregory 5 years ago | link | on: OpenBSD 5.2 pre-orders are up

      From what I can see, ngnix is now the web server of default with this release. I know with OpenBSD’s apache before it was a fully chrooted instance — is this the case now? (sorry, haven’t had time to plan with -current)

      1. 2
        lteo avatar lteo 5 years ago | link

        Yes, as mentioned by qbit, it does chroot. Here’s an excerpt from nginx’s OpenBSD man page:

         -u      By default nginx will chroot(2) to the home directory of the user
         running the daemon, typically ``www'', or to the home directory
         of user in nginx.conf.  The -u option disables this behaviour,
         and returns nginx to the original "unsecure" behaviour.
        1. 1
          qbit avatar qbit 5 years ago | link

          It does chroot ( by default the /var/www – the home of the www user )

          1. 1
            jcs avatar jcs 5 years ago | link

            There isn’t really a default since neither is enabled by default, but both are available in base now (Apache using /etc/rc.d/httpd, nginx using /etc/rc.d/nginx).