On Sat, 27 Apr 2019 at 12:46, Theo de Raadt <dera...@openbsd.org> wrote:
> Igor Podlesny <open...@poige.ru> wrote:
> > On Sat, 27 Apr 2019 at 12:37, Anthony J. Bentley <anth...@anjbe.name> wrote:
> > > You didn't check the manpage.
> > you didn't think it over.
> > https://www.mail-archive.com/misc@openbsd.org/msg167012.html
>
> No, you didn't think it through at all.
>
> You are expecting

Now we enter that part were Theo becomes a medium.

> Then you wish to use this inside a chroot jail, and make it tighter.
>
> Fine.
> Next you argue but what if the program inside the jail adjusts
> it's environment.  Well then all bets are off.  Why would that
> program modify it's environment variable only, rather than just
> doing anything else it wants to do?

Because any user space daemon can clear up its own environment
completely and put a big bold dick onto your malloc options, Theo.

> Why would it restrict itself to adjusting this specific environment
> variable only, and why would you consider that to impact security?
>
>
> The malloc configuration was moved to a sysctl to make it compatible
> with pledge+unveil.  It has tightened the security in many programs.
>
> The change has weakened security in your configurations because
> you designed them wrong.
>
> Finally Igor you are being a jerk.  Cut it out.

Very jerk-like sounding. Cut it out, Theo. But it's obvious you can't. Nature...

-- 
End of message. Next message?

Reply via email to