alt Hacker NewsOpenBSD doesn't have separate user accounts for sandboxes. These sandboxes are not linux-style containers, they're narrowed views of the full install.
If you're root inside the sandbox, you're root outside it. This exploit requires you to already be root.
But the issue of root and accessing outside of the sandbox is orthogonal, no? Even if you're logged in as XYZ, accessing XYZ's contents outside of the sandbox is still a breach and a problem. Or does this issue require actual root to manifest?