On Fri, 18 Jan 2019, Edd Barrett wrote:
> Has anyone else had a chance to look at this now that Theo's comments
> are (I think/hope) addressed?
>
> I'm not looking for OKs, but if it "looks good", I'd like to discuss the
> changes with upstream.
Just installed it on my personal server.
It seems
Hi,
On Tue, Jan 01, 2019 at 09:31:29PM +, Edd Barrett wrote:
> Gah, you're right!
>
> There's no need to unveil /etc/resolv.conf or /etc/pwd.db.
>
> ...
> It turns out DNS is not required at all! So that's why it was working
> when I was testing.
>
> I also realised that none of 'tmppath',
Hey,
On Tue, Jan 01, 2019 at 12:30:04PM -0700, Theo de Raadt wrote:
> In particular, specific pledges open up various system files, so those
> do not need to be opened via unveil.
Gah, you're right!
There's no need to unveil /etc/resolv.conf or /etc/pwd.db.
> The lack of pledge "dns" but
The proposed diff contains many problems, and demonstrates that pledge and
unveil are not well understood.
In particular, specific pledges open up various system files, so those do not
need to be opened via unveil. Those unveil calls are misguided. This is a
pretty strange misunderstanding.
The
Hey,
Having been interested in learning about pledge and unveil, I decided to
try and tighten up net/gophernicus (just in time for the hipster
resurgence of gopher you've all been waiting for :P ).
It turned out to be harder than expected, due to some of the features
and design decisions made