From bb70a0c5ee3dbd9f909738c7cda7e7b76e062402 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Thu, 26 Mar 2026 05:16:06 +0000 Subject: improve 3 Signed-off-by: Leah Rowe --- util/libreboot-utils/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'util/libreboot-utils/README.md') diff --git a/util/libreboot-utils/README.md b/util/libreboot-utils/README.md index 9a40d5ce..6e94035b 100644 --- a/util/libreboot-utils/README.md +++ b/util/libreboot-utils/README.md @@ -24,9 +24,16 @@ the kernel/system), voluntarily error out (halt all operation) if accessing files you don't own - that's why sticky bits are checked for example, even when you're root. +It... blocks symlinks, relative paths, attempts to prevent +directory escape (outside of the directory that the file +you're creating is in), basically implementing an analog +of something like e.g. unveil, but in userspace! + Mkhtemp is designed to be the most secure implementation possible, of mktemp, offering a heavy amount of hardening -over traditional mktemp. +over traditional mktemp. Written in C89, and the plan is +very much to keep this code portable over time - patches +very much welcome. i.e. please read the source code -- cgit v1.2.1
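Review bot: The added README paragraph ("It... blocks symlinks, relative paths, attempts to prevent directory escape") compares the checks to unveil without stating their scope. unveil is enforced by the kernel for the whole process, while a userspace check can only cover the paths mkhtemp itself resolves. The text should say so, and should name how each check is enforced, for example whether symlink rejection happens when the file is opened or by inspecting the path beforehand, since a reader needs that to judge the directory escape claim. "attempts to prevent" is also hedged, while the next paragraph keeps "the most secure implementation possible"; listing which checks are hard failures and which are best effort would reconcile the two. Minor: "Written in C89, and the plan is" is a sentence fragment that uses "very much" twice, and the subject line "improve 3" does not say this is a documentation change.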