Re: not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Michal Bozon
if someone's interested, here a list of fs differences between 6.0 upgraded from 5.9, and 6.0 install, i found, with some obvious differences like smtpd spool or sysmerge backups removed (amd64/qemu): http://pastebin.com/raw/VPkdbvxy (text/plain) (not pasting because of long lines) hth

Re: not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Edgar Pettijohn
Sent from my iPhone On Sep 3, 2016, at 12:46 PM, Michal Bozon wrote: >> good(?) news: sysmerge is gone in 6.0 >> but not removed by 5.9 to 6.0 uprade process. > > s/sysmerge/systrace/ > pledge()

Re: not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Michal Bozon
> > good(?) news: sysmerge is gone in 6.0 > > but not removed by 5.9 to 6.0 uprade process. > > > > I really have a hard time understanding what you're trying to point out. > > Yes, systrace is gone, but it's an ordinary binary that does no harm, > feel free to remove it if it makes you feel

Re: not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Michal Bozon
> good(?) news: sysmerge is gone in 6.0 > but not removed by 5.9 to 6.0 uprade process. s/sysmerge/systrace/

Re: not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Theo Buehler
On Sat, Sep 03, 2016 at 05:37:22PM +, Michal Bozon wrote: > > Why? > > good(?) news: sysmerge is gone in 6.0 > but not removed by 5.9 to 6.0 uprade process. > I really have a hard time understanding what you're trying to point out. Yes, systrace is gone, but it's an ordinary binary that

not exactly (Re: systrace removed? Why?)

2016-09-03 Thread Michal Bozon
> Why? good(?) news: sysmerge is gone in 6.0 but not removed by 5.9 to 6.0 uprade process.

Re: systrace removed? Why?

2016-04-27 Thread Christian Weisgerber
On 2016-04-27, Marc Espie wrote: > Race-conditiony things that make you go hum, oh shit is this thing > more dangerous than what it's actually potecting. Plus semantic bugs. > Like the time we had to hunt a really weird copy bug in the qt code until > we realized it was just

Re: systrace removed? Why?

2016-04-27 Thread Marc Espie
There were some significant issues with systrace over the years. Race-conditiony things that make you go hum, oh shit is this thing more dangerous than what it's actually potecting. Plus semantic bugs. Like the time we had to hunt a really weird copy bug in the qt code until we realized it was

Re: systrace removed? Why?

2016-04-26 Thread Kevin Chadwick
> it is not important. > > systrace was effectively deprecated 4-10 years ago, when there stopped > being a maintainer for it, or the broken ecosystem surrounding. > > That was a gap needed to consider a replacement model. > > What do you want here? I guess nothing important. I am happy with

Re: systrace removed? Why?

2016-04-26 Thread Theo de Raadt
>> how do you mean? what happens on 5.9 when you use systrace with pledged >> programs? Does cpu usage go through the roof by any chance? That would >> explain why I have had to disable it to avoid waiting so long for >> systraced desktop programs. > >hmmm, actually I guess the claws-mail port may

Re: systrace removed? Why?

2016-04-26 Thread Theo de Raadt
>> > Unfortunately systrace overhead can be significant for monitoring >> > complex programs but it could potentially be useful as a part of a >> > (HIPS or system intrusion or malfunction detection for a secure >> > server). hmmm, assuming pledge doesn't kill the offending process first, >> >

Re: systrace removed? Why?

2016-04-26 Thread Kevin Chadwick
> how do you mean? what happens on 5.9 when you use systrace with pledged > programs? Does cpu usage go through the roof by any chance? That would > explain why I have had to disable it to avoid waiting so long for > systraced desktop programs. hmmm, actually I guess the claws-mail port may not

Re: systrace removed? Why?

2016-04-26 Thread Kevin Chadwick
> > Unfortunately systrace overhead can be significant for monitoring > > complex programs but it could potentially be useful as a part of a > > (HIPS or system intrusion or malfunction detection for a secure > > server). hmmm, assuming pledge doesn't kill the offending process first, > > haha.

Re: systrace removed? Why?

2016-04-26 Thread Theo de Raadt
> > I guess the question is: how many people actually use systrace in > > scripts? Probably very very few. >From yesterday onwards, noone uses it. > I use it in scripts but will look to switching to pledge when I > have time, which I *should* be able to find in the next 6 months, haha. > It is

Re: systrace removed? Why?

2016-04-26 Thread Kevin Chadwick
> I guess the question is: how many people actually use systrace in > scripts? Probably very very few. I use it in scripts but will look to switching to pledge when I have time, which I *should* be able to find in the next 6 months, haha. It is however sometimes insightful as a quick and dirty

Re: systrace removed? Why?

2016-04-26 Thread Stuart Henderson
On 2016-04-26, arrowscr...@mail.com wrote: > Of course, you can put it on packages Nope.

Re: systrace removed? Why?

2016-04-25 Thread Michael McConville
arrowscr...@mail.com wrote: > I know about the pledge(2) development, but systrace and pledge are > not mutually exclusive. Pledge need to be used inline, where systrace > can be used as a command line tool. > > If you remove it, many scripts that use systrace for privilege > reduction will

Re: systrace removed? Why?

2016-04-25 Thread arrowscript
I know about the pledge(2) development, but systrace and pledge are not mutually exclusive. Pledge need to be used inline, where systrace can be used as a command line tool. If you remove it, many scripts that use systrace for privilege reduction will broke. Of course, you can put it on

Re: systrace removed? Why?

2016-04-25 Thread Luis Coronado
Why not? In a more serious way, read misc@ and tech@ particuarly in the subject about pledge. -luis On Monday, 25 April 2016, wrote: > Why?

systrace removed? Why?

2016-04-25 Thread arrowscript
Why?