The claims about /dev and chroots indicate that the author doesn't really have a coherent threat model -- chroots don't work that way, and any attacker who can subvert /dev can as easily subvert the application's binary itself, read the application's virtual memory and extract the private key, etc.
https://lwn.net/Articles/606141/