On 16/03/2021 17:46, Stuart Henderson wrote:
Exim has a big monolithic process design and lots of optional features many of which pull in third party libraries which are complex themselves (and *also* will have to deal with the same pledge restrictions which again may vary in what functions they call depending on user config). Maybe it's fine for some limited use cases, but it feels that there's way too much in-scope for this to be a success for the general use case.
In fact, I scanned the code looking for calls, so this should be ready for general use. I could have restricted it way more for my own use only. Though, I agree, this only protects from a very limited subset like route, settime, pf, audio, video.
So, here is a diff without pledge but with the SIOCGIFCONF call removed as this should really be tested.
Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/exim/Makefile,v
retrieving revision 1.131
diff -u -p -r1.131 Makefile
--- Makefile 2 Jun 2020 12:44:19 -0000 1.131
+++ Makefile 16 Mar 2021 17:16:33 -0000
@@ -9,6 +9,8 @@ PKGNAME-main = exim-${VERSION}
FULLPKGNAME-eximon = exim-eximon-${VERSION}
FULLPKGPATH-eximon = ${PKGPATH},-eximon
+REVISION = 0
+
CATEGORIES = mail
HOMEPAGE = https://www.exim.org/
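Review bot: the unsuffixed REVISION = 0 applies to both subpackages declared just above it (PKGNAME-main and FULLPKGNAME-eximon), so it forces an update of exim-eximon as well. If the os.h-OpenBSD change only affects what ends up in the main package, REVISION-main = 0 would be the narrower bump; if eximon is built from the same header and does change, keep it as is and say so in the commit message.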
Index: patches/patch-OS_os_h-OpenBSD
===================================================================
RCS file: patches/patch-OS_os_h-OpenBSD
diff -N patches/patch-OS_os_h-OpenBSD
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-OS_os_h-OpenBSD 16 Mar 2021 17:16:33 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: OS/os.h-OpenBSD
+--- OS/os.h-OpenBSD.orig
++++ OS/os.h-OpenBSD
+@@ -6,7 +6,7 @@
+ #define HAVE_BSD_GETLOADAVG
+ #define HAVE_MMAP
+ #define HAVE_SYS_MOUNT_H
+-#define SIOCGIFCONF_GIVES_ADDR
++#define HAVE_GETIFADDRS
+ #define HAVE_ARC4RANDOM
+ /* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API
+ which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR
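Review bot: the new patch file has no description between $OpenBSD$ and the Index: line, and the swap of SIOCGIFCONF_GIVES_ADDR for HAVE_GETIFADDRS is the only functional change, so a one-line comment there should say why the ioctl path is being dropped. Before commit, please confirm that the Exim version in the port actually tests HAVE_GETIFADDRS; if it does not, removing SIOCGIFCONF_GIVES_ADDR would leave the SIOCGIFCONF code in place with different parsing instead of removing the call. Since the message says this still needs testing, a useful check is to compare the local interface addresses Exim detects before and after the change on a host with IPv6 and alias addresses configured.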
