| author | Leah Rowe <leah@libreboot.org> | 2026-03-26 05:16:06 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-26 06:59:42 +0000 |
| commit | b2117065596dc5750f27dd979e358306aabda262 (patch) | |
| tree | d11dcb7909f743d4c9fa9c36eef5974d3a019d2d | |
| parent | 4d4285e63c2749662017a7ed7cb8c60f0a6711b5 (diff) | |
improve 3
Signed-off-by: Leah Rowe <leah@libreboot.org>
| -rw-r--r-- | util/libreboot-utils/README.md | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/util/libreboot-utils/README.md b/util/libreboot-utils/README.md index 9a40d5ce..6e94035b 100644 --- a/util/libreboot-utils/README.md +++ b/util/libreboot-utils/README.md @@ -24,9 +24,16 @@ the kernel/system), voluntarily error out (halt all operation) if accessing files you don't own - that's why sticky bits are checked for example, even when you're root. +It... blocks symlinks, relative paths, attempts to prevent +directory escape (outside of the directory that the file +you're creating is in), basically implementing an analog +of something like e.g. unveil, but in userspace! + Mkhtemp is designed to be the most secure implementation possible, of mktemp, offering a heavy amount of hardening -over traditional mktemp. +over traditional mktemp. Written in C89, and the plan is +very much to keep this code portable over time - patches +very much welcome. i.e. please read the source code |
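Review bot: The unveil comparison in the first added paragraph ("basically implementing an analog of something like e.g. unveil, but in userspace!") can be read as a stronger guarantee than the text supports. unveil is enforced by the kernel for the whole process, while the checks listed here (symlinks, relative paths, directory escape) are described as userspace checks and the paragraph itself says "attempts to prevent". Suggest naming the checks plainly, stating that they are performed by the tool on the paths it handles, and either qualifying the unveil analogy or dropping it. The opening "It... blocks symlinks" also leaves the subject unclear, since the tool is only named in the following paragraph ("Mkhtemp is designed to be ..."); naming it in the new paragraph would fix that. In the second addition, "Written in C89, and the plan is" is a sentence fragment and "very much" appears twice; something like "It is written in C89 and is intended to stay portable; patches are welcome." would read more cleanly.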
