>> It's designed to run on OpenBSD but works crappily on Mac OS X and >> Linux. Crappily because both are hostile to good security practises. >> I'm not going to put any extra effort into these for compatibility. > > I think you already added a lot of compatibility goo. > Might have been better if you started with a clean OpenBSD only client.
Joerg, The only real compat is the ifdef for OpenBSD's pledge and for OSX's sandbox_init (which is all but useless and can be removed without loss of functionality), an ifdef for setres[ug]id and sys_signame (for debugging), and some _GNU_SOURCE for asprintf on Linux (meh). Since moving DNS resolution to its own component, dnsproc.c, there's no funny compat business in terms of programme flow, functionality, or structure. In other words, if I were to rebuild it without Linux or Mac, it wouldn't look different with one exception that will shortly go away (using setproctitle and err.h instead of having my own dowarnx et al). Best, Kristaps
