1. 1

    This NYCBSDCon 2008 presentation might be of interest to those who want to learn more about PIE.

    1. 1

      From what I can see, ngnix is now the web server of default with this release. I know with OpenBSD’s apache before it was a fully chrooted instance — is this the case now? (sorry, haven’t had time to plan with -current)

      1. 2

        Yes, as mentioned by qbit, it does chroot. Here’s an excerpt from nginx’s OpenBSD man page:

         -u      By default nginx will chroot(2) to the home directory of the user
                 running the daemon, typically ``www'', or to the home directory
                 of user in nginx.conf.  The -u option disables this behaviour,
                 and returns nginx to the original "unsecure" behaviour.
        1. 1

          It does chroot ( by default the /var/www – the home of the www user )

          1. 1

            There isn’t really a default since neither is enabled by default, but both are available in base now (Apache using /etc/rc.d/httpd, nginx using /etc/rc.d/nginx).