On Sat, 27 Apr 2019 at 12:46, Theo de Raadt <dera...@openbsd.org> wrote:
> Igor Podlesny <open...@poige.ru> wrote:
>
> > On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <anth...@anjbe.name> wrote:
> > > You didn't check the manpage.
> >
> > you didn't think it over.
> >
> > https://www.mail-archive.com/misc@openbsd.org/msg167012.html
>
> No, you didn't think it through at all.
>
> You are expecting

Now we enter that part where Theo becomes a medium.

> Then you wish to use this inside a chroot jail, and make it tighter.
>
> Fine.
> Next you argue but what if the program inside the jail adjusts
> its environment. Well then all bets are off. Why would that
> program modify its environment variable only, rather than just
> doing anything else it wants to do?

Because any user space daemon can clear up its own environment completely and put a big bold dick onto your malloc options, Theo.

> Why would it restrict itself to adjusting this specific environment
> variable only, and why would you consider that to impact security?
>
> The malloc configuration was moved to a sysctl to make it compatible
> with pledge+unveil. It has tightened the security in many programs.
>
> The change has weakened security in your configurations because
> you designed them wrong.
>
> Finally Igor you are being a jerk. Cut it out.

Very jerk-like sounding. Cut it out, Theo. But it's obvious you can't. Nature...