Re: Pledge() in smtpd

2015-11-12 Thread Gilles Chehade 
On Thu, Nov 12, 2015 at 12:37:28AM +, michalzient...@gmail.com wrote:
> Hello guys,
> 
> Recently i was reading about new OpenBSD security mechanism called pledge(). 
> I think this is another great idea from OpenBSD. Are you going to make use of 
> it ? 
> 

OpenSMTPD already integrates pledge() in OpenBSD.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Odp.: Re: Pledge() in smtpd

2015-11-12 Thread michalzientara 
That's one small step for opensmtpd but one giant leap for mankind :)

--Oryginalna wiadomość--
Od: Gilles Chehade
Do: michalzient...@gmail.com
DW: misc@opensmtpd.org
Temat: Re: Pledge() in smtpd
Wysłano: 12 lis 2015 09:22

On Thu, Nov 12, 2015 at 12:37:28AM +, michalzient...@gmail.com wrote:
> Hello guys,
> 
> Recently i was reading about new OpenBSD security mechanism called pledge(). 
> I think this is another great idea from OpenBSD. Are you going to make use of 
> it ? 
> 

OpenSMTPD already integrates pledge() in OpenBSD.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: Pledge() in smtpd

2015-11-11 Thread Martijn van Duren 

On 11/12/15 01:37, michalzient...@gmail.com wrote:

Hello guys,

Recently i was reading about new OpenBSD security mechanism called pledge(). I 
think this is another great idea from OpenBSD. Are you going to make use of it ?

Regards,
Michal Zientara



Pledge is already used within the OpenBSD tree[1], so yes.
On other platforms I can't tell you, since I'm not a developer on either 
smtpd or the other platforms, although I reckon it's highly unlikely, 
since it's an in kernel implementation. But as Theo stated[2]: someone 
smart might be able to build a compatible layer upon seccomp. Just don't 
hold your breath.


[1] 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtpd.c?rev=1.254=text/x-cvsweb-markup

[2] http://www.openbsd.org/papers/hackfest2015-pledge/mgp00034.html

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: Pledge() in smtpd

2015-11-11 Thread Loganaden Velvindron 
On Thu, Nov 12, 2015 at 4:37 AM,   wrote:
> Hello guys,
>
> Recently i was reading about new OpenBSD security mechanism called pledge(). 
> I think this is another great idea from OpenBSD. Are you going to make use of 
> it ?
>

Yes, OpenSMTPd is already taking advantage of pledge() in OpenBSD.

However, please note that this is an OpenBSD-only implementation, as pledge

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Odp.: Re: Pledge() in smtpd

2015-11-11 Thread michalzientara 
That's great, thanx!
--Oryginalna wiadomość--
Od: Martijn van Duren
Do: misc@opensmtpd.org
DW: michalzient...@gmail.com
Temat: Re: Pledge() in smtpd
Wysłano: 12 lis 2015 08:27

On 11/12/15 01:37, michalzient...@gmail.com wrote:
> Hello guys,
>
> Recently i was reading about new OpenBSD security mechanism called pledge(). 
> I think this is another great idea from OpenBSD. Are you going to make use of 
> it ?
>
> Regards,
> Michal Zientara
>
>
Pledge is already used within the OpenBSD tree[1], so yes.
On other platforms I can't tell you, since I'm not a developer on either 
smtpd or the other platforms, although I reckon it's highly unlikely, 
since it's an in kernel implementation. But as Theo stated[2]: someone 
smart might be able to build a compatible layer upon seccomp. Just don't 
hold your breath.

[1] 
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtpd.c?rev=1.254=text/x-cvsweb-markup
[2] http://www.openbsd.org/papers/hackfest2015-pledge/mgp00034.html

b��yǢ��m�+)[yƮ�쨹�޲��r��y�h�+kiv��N�r��zǧu���[h�+��칻�&ޢ���kiv��

Pledge() in smtpd

2015-11-11 Thread michalzientara 
Hello guys,

Recently i was reading about new OpenBSD security mechanism called pledge(). I 
think this is another great idea from OpenBSD. Are you going to make use of it 
? 

Regards,
Michal Zientara


-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org