Re: Pledge() in smtpd
On Thu, Nov 12, 2015 at 12:37:28AM +, michalzient...@gmail.com wrote: > Hello guys, > > Recently i was reading about new OpenBSD security mechanism called pledge(). > I think this is another great idea from OpenBSD. Are you going to make use of > it ? > OpenSMTPD already integrates pledge() in OpenBSD. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Odp.: Re: Pledge() in smtpd
That's one small step for opensmtpd but one giant leap for mankind :) --Oryginalna wiadomość-- Od: Gilles Chehade Do: michalzient...@gmail.com DW: misc@opensmtpd.org Temat: Re: Pledge() in smtpd Wysłano: 12 lis 2015 09:22 On Thu, Nov 12, 2015 at 12:37:28AM +, michalzient...@gmail.com wrote: > Hello guys, > > Recently i was reading about new OpenBSD security mechanism called pledge(). > I think this is another great idea from OpenBSD. Are you going to make use of > it ? > OpenSMTPD already integrates pledge() in OpenBSD. -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: Pledge() in smtpd
On 11/12/15 01:37, michalzient...@gmail.com wrote: Hello guys, Recently i was reading about new OpenBSD security mechanism called pledge(). I think this is another great idea from OpenBSD. Are you going to make use of it ? Regards, Michal Zientara Pledge is already used within the OpenBSD tree[1], so yes. On other platforms I can't tell you, since I'm not a developer on either smtpd or the other platforms, although I reckon it's highly unlikely, since it's an in kernel implementation. But as Theo stated[2]: someone smart might be able to build a compatible layer upon seccomp. Just don't hold your breath. [1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtpd.c?rev=1.254=text/x-cvsweb-markup [2] http://www.openbsd.org/papers/hackfest2015-pledge/mgp00034.html -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Pledge() in smtpd
On Thu, Nov 12, 2015 at 4:37 AM,wrote: > Hello guys, > > Recently i was reading about new OpenBSD security mechanism called pledge(). > I think this is another great idea from OpenBSD. Are you going to make use of > it ? > Yes, OpenSMTPd is already taking advantage of pledge() in OpenBSD. However, please note that this is an OpenBSD-only implementation, as pledge -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Odp.: Re: Pledge() in smtpd
That's great, thanx! --Oryginalna wiadomość-- Od: Martijn van Duren Do: misc@opensmtpd.org DW: michalzient...@gmail.com Temat: Re: Pledge() in smtpd Wysłano: 12 lis 2015 08:27 On 11/12/15 01:37, michalzient...@gmail.com wrote: > Hello guys, > > Recently i was reading about new OpenBSD security mechanism called pledge(). > I think this is another great idea from OpenBSD. Are you going to make use of > it ? > > Regards, > Michal Zientara > > Pledge is already used within the OpenBSD tree[1], so yes. On other platforms I can't tell you, since I'm not a developer on either smtpd or the other platforms, although I reckon it's highly unlikely, since it's an in kernel implementation. But as Theo stated[2]: someone smart might be able to build a compatible layer upon seccomp. Just don't hold your breath. [1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtpd.c?rev=1.254=text/x-cvsweb-markup [2] http://www.openbsd.org/papers/hackfest2015-pledge/mgp00034.html b��yǢ��m�+)[yƮ�쨹���r��y�h�+kiv��N�r��zǧu���[h�+��칻�&ޢ���kiv��
Pledge() in smtpd
Hello guys, Recently i was reading about new OpenBSD security mechanism called pledge(). I think this is another great idea from OpenBSD. Are you going to make use of it ? Regards, Michal Zientara -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org