Re: pledge in ports

2016-01-19 Thread lists
Tue, 19 Jan 2016 02:40:18 +1300 Carlin Bingham > None of these can be dropped later or made conditional on the > configuration, as tor's config can be changed and reloaded while it's > running and it needs them all to handle that. > > Is a wide pledge like this still

Re: pledge in ports

2016-01-19 Thread Theo de Raadt
> Tue, 19 Jan 2016 02:40:18 +1300 Carlin Bingham > > None of these can be dropped later or made conditional on the > > configuration, as tor's config can be changed and reloaded while it's > > running and it needs them all to handle that. > > > > Is a wide pledge like this

Re: pledge in ports: textproc/mupdf

2016-01-18 Thread Sebastien Marie
On Mon, Jan 18, 2016 at 01:50:01PM +, Stuart Henderson wrote: > > These seem fine in my tests so far (tried a few files with various > image formats etc and some with passwords). > > > - mupdf-x11-curl > > I ran into a problem with mupdf-x11-curl fetching from http getting > killed on the

Re: pledge in ports: textproc/mupdf

2016-01-18 Thread Stuart Henderson
On 2016/01/17 15:22, Sebastien Marie wrote: > Hi, > > Here is a diff for adding pledge(2) to textproc/mupdf. I added ports@ in Cc > in order to get wider reviewing. > > I pledged all programs inside textproc/mupdf: > - mupdf-x11 > - mupdf-gl > - mutool

Re: pledge in ports

2016-01-18 Thread Carlin Bingham
On Sun, 17 Jan 2016, at 04:13 AM, Jiri B wrote: > > Could you consider Tor please? > > j. > tor's pledge will look something like: pledge("stdio rpath cpath wpath ps id dns inet unix flock getpw proc exec pf", NULL) None of these can be dropped later or made conditional on

Re: pledge in ports

2016-01-17 Thread Josh Grosse
On Sat, Jan 16, 2016 at 12:36:49PM +, Stuart Henderson wrote: > archivers/p7zip The key module is 80K lines of undocumented code, spread across 219 files. But it does have a test suite, so I'll see what I can do. -Josh-

Re: pledge in ports: textproc/mupdf

2016-01-17 Thread Sebastien Marie
Hi, Here is a diff for adding pledge(2) to textproc/mupdf. I added ports@ in Cc in order to get wider reviewing. I pledged all programs inside textproc/mupdf: - mupdf-x11 - mupdf-x11-curl - mupdf-gl - mutool draw,clean,extract,info,pages,poster,show - mujstest The patch files explain

Re: pledge in ports

2016-01-17 Thread Stuart Henderson
On 2016/01/17 08:59, Josh Grosse wrote: > On Sat, Jan 16, 2016 at 12:36:49PM +, Stuart Henderson wrote: > > > archivers/p7zip > > The key module is 80K lines of undocumented code, spread across 219 files. > But it does have a test suite, so I'll see what I can do. Yikes! But on the plus

Re: pledge in ports

2016-01-17 Thread Josh Grosse
On Sun, Jan 17, 2016 at 02:38:47PM +, Stuart Henderson wrote: > As far as I'm aware it doesn't do network access itself or execute other > programs, and even a pledge that only prevents those things is very > meaningful. > > If you have a chance to try that would be great - please do post if

pledge in ports

2016-01-16 Thread Stuart Henderson
On 2016/01/15 12:11, Stuart Henderson wrote: > If people are interested in looking at adding pledge to other ports, > I have a little list of other ports where it might be both a) useful > and b) reasonably sane. Since there was some interest off-list, here's my current list - there ar

Re: pledge in ports

2016-01-16 Thread Jiri B
On Sat, Jan 16, 2016 at 12:36:49PM +, Stuart Henderson wrote: > archivers/p7zip > archivers/xz (see cvs log for the previous failed experiment) > mail/mutt > misc/memcached > net/arp-scan > net/avahi > net/bwm-ng or some other bandwidth monitor > net/curl > net/cvsync > net/ladvd and/or

Re: pledge in ports

2016-01-16 Thread Theo de Raadt
> On Sat, Jan 16, 2016 at 12:36:49PM +, Stuart Henderson wrote: > > archivers/p7zip > > archivers/xz (see cvs log for the previous failed experiment) > > mail/mutt > > misc/memcached > > net/arp-scan > > net/avahi > > net/bwm-ng or some other bandwidth monitor > > net/curl > > net/cvsync > >

Re: pledge in ports

2016-01-16 Thread Christian Weisgerber
On 2016-01-16, Stuart Henderson wrote: > archivers/xz (see cvs log for the previous failed experiment) Oops. I think I forgot to commit this: https://marc.info/?l=openbsd-ports&m=144544207928404&w=2 -- Christian "naddy" Weisgerber na...@mips.inka.de