Hacker News

rs_rs_rs_rs_rs yesterday at 2:22 PM

>it’s time everyone considers OpenBSD

https://x.com/ortegaalfredo/status/2055362910415671459

When your super secure feature gets defeated by a symlink maybe it's not really time to consider it...

Sure, things are not better in the Linux world, but at least there are more eyes to fix issues there just because of the market share.


Replies

866-RON-0-FEZ yesterday at 2:31 PM

Your "evidence" for him to reconsider is a sandbox "bypass" that requires you to be root to set up the environment?

For my next trick I will demonstrate how to break into my own house to open the blinds by using my keys.

Security researcher theatrics will never not be funny.

ori_b yesterday at 2:25 PM

Note that this specific symlink was special-cased because sandboxed programs still need to access timezones. Also note that you would need to be root to create that special-cased symlink. It's embarrassing, but less catastrophic than it looks at first glance.

Running security-critical code as root is still a bad idea.