> Why not make pledge dns dependent on the -p flag?
Because it isn't a trivial diff.
dig (host, nslookup, etc) use this horrible ISC library that
has deep inside it:
static isc_result_t
try_proto(int domain) {
	int s;
	isc_result_t result = ISC_R_SUCCESS;
	char strbuf[ISC_STRERRORSIZE];

	s = socket(domain, SOCK_STREAM | SOCK_DNS, 0);
That SOCK_DNS call was added, since we only use this library for
these tools.
Up at the top, we could add back the '-p port' options. But deep down
in this library, we do not know what port number will be used, to
decide whether we should specify SOCK_DNS or not.
There's a small piece some people have missed. pledge doesn't
block port 53. It is blocked unless you use SOCK_DNS. That was
a step taken to separate "hostname/dns lookup" pieces of code from
"internet speaking" pieces of code. That step allowed pledge to
do something really cool.
Yes, we changed unix.
Grep the entire tree for pledge.*inet and pledge.*dns, study that,
it will make it more clear. We couldn't have those markers unless
we created this semantic split.
Fortunately, most bodies of code can handle this differentiation
very well. Unfortunately, this specific family of tools doesn't.
Someone could write a diff, and test it well...
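The dns/inet split described in the mail, probed from user space, as an added example that is not part of the post and is not OpenBSD or ISC code. A child process pledges itself down to "stdio dns" or "stdio inet", opens a UDP socket with or without SOCK_DNS and connect()s it to 127.0.0.1 on a chosen port; a pledge violation kills the child with SIGABRT, which the parent reports as CASE_KILLED. The promise strings, the loopback peer and the ports 53 and 80 are the example's own choices; on a system without pledge(2) and SOCK_DNS the probe compiles but returns CASE_UNSUPPORTED, and only the small reference model of the rule is exercised.

```c
/*
 * Added example (not from the mail, OpenBSD or ISC): probe the split that
 * pledge(2) enforces between "dns" sockets and "inet" sockets. A UDP
 * connect() only records the peer, so nothing is sent and no listener is
 * needed; all that matters is whether the kernel lets the call through.
 * Assumption: built on OpenBSD. Elsewhere run_case() returns CASE_UNSUPPORTED.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { CASE_OK = 0, CASE_ERRNO = 1, CASE_KILLED = 2, CASE_UNSUPPORTED = -2 };

/* Reference model of the rule the mail states: under "dns" a socket must be
 * created with SOCK_DNS and may only be pointed at port 53; under "inet" an
 * ordinary socket may use any port. Only these two single-promise cases are
 * modelled; anything else is reported as denied. */
int
model_allows(const char *promises, int sock_dns, int port)
{
	if (strcmp(promises, "stdio dns") == 0)
		return sock_dns && port == 53;
	if (strcmp(promises, "stdio inet") == 0)
		return !sock_dns;
	return 0;
}

#ifdef __OpenBSD__
/* Child body: drop to the requested promises, then try the socket. Under
 * "stdio dns" a socket() without SOCK_DNS is already a violation, so the
 * child may die before it reaches connect(). */
static int
child(const char *promises, int sock_dns, int port)
{
	struct sockaddr_in sin;
	int s;

	if (pledge(promises, NULL) == -1)
		return CASE_ERRNO;
	s = socket(AF_INET, SOCK_DGRAM | (sock_dns ? SOCK_DNS : 0), 0);
	if (s == -1)
		return CASE_ERRNO;
	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) == -1)
		return CASE_ERRNO;
	return CASE_OK;
}
#endif

/* Run one probe in a child and classify how it ended. */
int
run_case(const char *promises, int sock_dns, int port)
{
#ifdef __OpenBSD__
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return CASE_ERRNO;
	if (pid == 0)
		_exit(child(promises, sock_dns, port));
	if (waitpid(pid, &status, 0) == -1)
		return CASE_ERRNO;
	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT)
		return CASE_KILLED;	/* kernel killed it for a pledge violation */
	return WIFEXITED(status) ? WEXITSTATUS(status) : CASE_ERRNO;
#else
	(void)promises; (void)sock_dns; (void)port;
	return CASE_UNSUPPORTED;
#endif
}

int
main(void)
{
	/* Constructed probe matrix: promises, SOCK_DNS on the socket, peer port. */
	static const struct { const char *p; int dns; int port; } cases[] = {
		{ "stdio dns", 1, 53 }, { "stdio dns", 1, 80 },
		{ "stdio dns", 0, 53 }, { "stdio inet", 0, 53 },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-10s sock_dns=%d port=%d  model=%s  probe=%d\n",
		    cases[i].p, cases[i].dns, cases[i].port,
		    model_allows(cases[i].p, cases[i].dns, cases[i].port) ? "allow" : "deny",
		    run_case(cases[i].p, cases[i].dns, cases[i].port));
	return 0;
}
```

On OpenBSD the probe column should read 0, 2, 2, 0 for the four rows, matching the model, and each killed child leaves a pledge violation line in the kernel log; that log line is the signal a defender gets when a pledged tool strays outside the split. The third row is the one the mail is about: a plain socket() under the "dns" promise dies even though the peer would have been port 53.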