alt Hacker NewsThanks. It was not evident from the example whether root inside of the sandbox is necessary - I assumed creating arbitrary symlinks doesn't require any particular capabilities, and there's nothing special about the locations.
Though it's not clear to me now:
- why was this patched then?
- is the point about root that non-root wouldn't have access to passwd anyway?
OpenBSD doesn't have separate user accounts for sandboxes. These sandboxes are not linux-style containers, they're narrowed views of the full install.
If you're root inside the sandbox, you're root outside it. This exploit requires you to already be root.