author: Leah Rowe <leah@libreboot.org> 2026-03-26 05:16:06 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-26 05:16:06 +0000
commit: bb70a0c5ee3dbd9f909738c7cda7e7b76e062402
tree: fbd7350e79fc0c1492b4a44fb8b4390d8244e344
parent: dbcbdeeb517ce544ac582f6aea862c131fc006ae
improve 3
Signed-off-by: Leah Rowe <leah@libreboot.org>
-rw-r--r-- util/libreboot-utils/README.md 9
1 files changed, 8 insertions, 1 deletions
diff --git a/util/libreboot-utils/README.md b/util/libreboot-utils/README.md
index 9a40d5ce..6e94035b 100644
--- a/util/libreboot-utils/README.md
+++ b/util/libreboot-utils/README.md
@@ -24,9 +24,16 @@ the kernel/system), voluntarily error out (halt all
operation) if accessing files you don't own - that's why
sticky bits are checked for example, even when you're root.
+It... blocks symlinks, relative paths, attempts to prevent
+directory escape (outside of the directory that the file
+you're creating is in), basically implementing an analog
+of something like e.g. unveil, but in userspace!
+
Mkhtemp is designed to be the most secure implementation
possible, of mktemp, offering a heavy amount of hardening
-over traditional mktemp.
+over traditional mktemp. Written in C89, and the plan is
+very much to keep this code portable over time - patches
+very much welcome.
i.e. please read the source code
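Review bot: the added paragraph starting "It... blocks symlinks, relative paths" runs hard guarantees ("blocks") and best-effort ones ("attempts to prevent directory escape") together in one sentence, so a reader cannot tell which properties are enforced and which are only attempted. Split it into two sentences and say whether the symlink check covers every path component or only the final one. The comparison to unveil would be safer if it were scoped to the paths this program opens itself, since unveil is enforced by the kernel for the whole process and the text says these checks run in userspace. In the second addition, "Written in C89, and the plan is" is a sentence fragment and "very much" appears twice in three lines; something like "It is written in C89, and the plan is to keep the code portable; patches are welcome." reads cleaner.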